Type a vendor name or a vulnerability id.



All the vulnerabilites related to OpenSSL - OpenSSL
cve-2024-4603
Vulnerability from cvelistv5
Published
2024-05-16 15:21
Modified
2024-08-13 15:11
Severity
Summary
Excessive time spent checking DSA keys and parameters
References
URLTags
https://www.openssl.org/news/secadv/20240516.txtvendor-advisory
https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397patch
https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0dpatch
https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740patch
https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7epatch
http://www.openwall.com/lists/oss-security/2024/05/16/2
https://security.netapp.com/advisory/ntap-20240621-0001/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:41.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240516.txt"
          },
          {
            "name": "3.0.14 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
          },
          {
            "name": "3.1.6 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
          },
          {
            "name": "3.2.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
          },
          {
            "name": "3.3.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.0.14",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.1.6",
                "status": "affected",
                "version": "3.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.2.2",
                "status": "affected",
                "version": "3.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.3.1",
                "status": "affected",
                "version": "3.3.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-4603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T18:27:25.638098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-834",
                "description": "CWE-834 Excessive Iteration",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T15:11:57.009Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.14",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.6",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "OSS-Fuzz"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2024-05-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Checking excessively long DSA keys or parameters may be very\u003cbr\u003eslow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions EVP_PKEY_param_check()\u003cbr\u003eor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\u003cbr\u003eexperience long delays. Where the key or parameters that are being checked\u003cbr\u003ehave been obtained from an untrusted source this may lead to a Denial of\u003cbr\u003eService.\u003cbr\u003e\u003cbr\u003eThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\u003cbr\u003evarious checks on DSA parameters. Some of those computations take a long time\u003cbr\u003eif the modulus (`p` parameter) is too large.\u003cbr\u003e\u003cbr\u003eTrying to use a very large modulus is slow and OpenSSL will not allow using\u003cbr\u003epublic keys with a modulus which is over 10,000 bits in length for signature\u003cbr\u003everification. However the key and parameter check functions do not limit\u003cbr\u003ethe modulus size when performing the checks.\u003cbr\u003e\u003cbr\u003eAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\u003cbr\u003eand supplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThese functions are not called by OpenSSL itself on untrusted DSA keys so\u003cbr\u003eonly applications that directly call these functions may be vulnerable.\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\u003cbr\u003ewhen using the `-check` option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
            }
          ],
          "value": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive Iteration",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T15:21:20.050Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240516.txt"
        },
        {
          "name": "3.0.14 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
        },
        {
          "name": "3.1.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
        },
        {
          "name": "3.2.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
        },
        {
          "name": "3.3.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent checking DSA keys and parameters",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-4603",
    "datePublished": "2024-05-16T15:21:20.050Z",
    "dateReserved": "2024-05-07T11:44:02.196Z",
    "dateUpdated": "2024-08-13T15:11:57.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3511
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0197.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60377third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59887third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://secunia.com/advisories/60890third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162vdb-entry, x_refsource_XF
http://www.splunk.com/view/SP-CAAANHSx_refsource_CONFIRM
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www.tenable.com/security/tns-2014-06x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
https://kc.mcafee.com/corporate/index?page=content&id=SB10084x_refsource_CONFIRM
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/69079vdb-entry, x_refsource_BID
http://secunia.com/advisories/61043third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60810third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601bx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1127504x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0126.htmlvendor-advisory, x_refsource_REDHAT
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-08182014.txtx_refsource_CONFIRM
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
https://techzone.ergon.ch/CVE-2014-3511x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
http://secunia.com/advisories/61139third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "RHSA-2015:0197",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
          },
          {
            "name": "60377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60377"
          },
          {
            "name": "SSRT101818",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "name": "59887",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59887"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "60890",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60890"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "openssl-cve20143511-sec-bypass(95162)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAANHS"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "name": "HPSBMU03216",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/security/tns-2014-06"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10084"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "69079",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69079"
          },
          {
            "name": "61043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61043"
          },
          {
            "name": "60810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60810"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "name": "RHSA-2015:0126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://techzone.ergon.ch/CVE-2014-3511"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "name": "61139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "RHSA-2015:0197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
        },
        {
          "name": "60377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60377"
        },
        {
          "name": "SSRT101818",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "name": "59887",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59887"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "60890",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60890"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "openssl-cve20143511-sec-bypass(95162)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAANHS"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "name": "HPSBMU03216",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/security/tns-2014-06"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10084"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "69079",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69079"
        },
        {
          "name": "61043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61043"
        },
        {
          "name": "60810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60810"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "name": "RHSA-2015:0126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://techzone.ergon.ch/CVE-2014-3511"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "name": "61139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "RHSA-2015:0197",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
            },
            {
              "name": "60377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60377"
            },
            {
              "name": "SSRT101818",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "59887",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59887"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "60890",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60890"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "openssl-cve20143511-sec-bypass(95162)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAANHS",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAANHS"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "HPSBMU03216",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www.tenable.com/security/tns-2014-06",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/security/tns-2014-06"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10084",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10084"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "69079",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69079"
            },
            {
              "name": "61043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61043"
            },
            {
              "name": "60810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60810"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "RHSA-2015:0126",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "https://techzone.ergon.ch/CVE-2014-3511",
              "refsource": "CONFIRM",
              "url": "https://techzone.ergon.ch/CVE-2014-3511"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            },
            {
              "name": "61139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3511",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity
Summary
The c_rehash script allows command injection
References
URLTags
https://www.openssl.org/news/secadv/20220621.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
https://www.debian.org/security/2022/dsa-5169vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/vendor-advisory
https://security.netapp.com/advisory/ntap-20220707-0008/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220621.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
          },
          {
            "name": "DSA-5169",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5169"
          },
          {
            "name": "FEDORA-2022-3b7d0abd0b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
          },
          {
            "name": "FEDORA-2022-41890e9e44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chancen (Qingteng 73lab)"
        }
      ],
      "datePublic": "2022-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220621.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
        },
        {
          "name": "DSA-5169",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5169"
        },
        {
          "name": "FEDORA-2022-3b7d0abd0b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
        },
        {
          "name": "FEDORA-2022-41890e9e44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
        }
      ],
      "title": "The c_rehash script allows command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-2068",
    "datePublished": "2022-06-21T14:45:20.597138Z",
    "dateReserved": "2022-06-13T00:00:00",
    "dateUpdated": "2024-09-16T19:41:46.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2177
Vulnerability from cvelistv5
Published
2016-06-20 00:00
Modified
2024-08-05 23:17
Severity
Summary
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
References
URLTags
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2017-1659.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2017:1658vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.securitytracker.com/id/1036088vdb-entry
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://access.redhat.com/errata/RHSA-2017:0194vendor-advisory
https://access.redhat.com/errata/RHSA-2017:0193vendor-advisory
https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa132
https://bugzilla.redhat.com/show_bug.cgi?id=1341705
https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
http://www.securityfocus.com/bid/91319vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://kc.mcafee.com/corporate/index?page=content&id=SB10165
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www.openwall.com/lists/oss-security/2016/06/08/9mailing-list
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://www.securityfocus.com/archive/1/540957/100/0/threadedmailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threadedmailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://www.ubuntu.com/usn/USN-3181-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
https://support.f5.com/csp/article/K23873366
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "1036088",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
          },
          {
            "name": "91319",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3181-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3181-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K23873366"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "1036088",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036088"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "name": "91319",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91319"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3181-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3181-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "https://support.f5.com/csp/article/K23873366"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2177",
    "datePublished": "2016-06-20T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3786
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 01:20
Severity
Summary
X.509 Email Address Variable Length Buffer Overflow
References
URLTags
https://www.openssl.org/news/secadv/20221101.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639apatch
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:58.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20221101.txt"
          },
          {
            "name": "3.0.7 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2022-11-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\u003c/p\u003e"
            }
          ],
          "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "HIGH"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html#high"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-04T07:28:32.835Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20221101.txt"
        },
        {
          "name": "3.0.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.509 Email Address Variable Length Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev",
        "importer": "vulnxml2json5.py 2022-11-04 07:19:07.034873"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-3786",
    "datePublished": "2022-11-01T00:00:00",
    "dateReserved": "2022-11-01T00:00:00",
    "dateUpdated": "2024-08-03T01:20:58.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1165
Vulnerability from cvelistv5
Published
2012-03-15 17:00
Modified
2024-08-06 18:53
Severity
Summary
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.htmlvendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2012-0531.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/48899third-party-advisory, x_refsource_SECUNIA
https://downloads.avaya.com/css/P8/documents/100162507x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2012/03/12/3mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2012/03/12/6mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2012-0488.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2012/dsa-2454vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1424-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/48895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48580third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id?1026787vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2012-0426.htmlvendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22252x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/52764vdb-entry, x_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.htmlvendor-advisory, x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2012/03/13/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/03/12/7mailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:36.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-4630",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "48899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48899"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.avaya.com/css/P8/documents/100162507"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/12/3"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/12/6"
          },
          {
            "name": "RHSA-2012:0488",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "name": "USN-1424-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1424-1"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48580"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "1026787",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026787"
          },
          {
            "name": "FEDORA-2012-4665",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "RHSA-2012:0426",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22252"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "52764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52764"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "FEDORA-2012-4659",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
          },
          {
            "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/13/2"
          },
          {
            "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/12/7"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-12T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2012-4630",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "48899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48899"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.avaya.com/css/P8/documents/100162507"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/12/3"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/12/6"
        },
        {
          "name": "RHSA-2012:0488",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "name": "USN-1424-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1424-1"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "48580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48580"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "1026787",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026787"
        },
        {
          "name": "FEDORA-2012-4665",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "RHSA-2012:0426",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22252"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "52764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52764"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "FEDORA-2012-4659",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
        },
        {
          "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/13/2"
        },
        {
          "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/12/7"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2012-4630",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "HPSBMU02786",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "48899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48899"
            },
            {
              "name": "https://downloads.avaya.com/css/P8/documents/100162507",
              "refsource": "CONFIRM",
              "url": "https://downloads.avaya.com/css/P8/documents/100162507"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/12/3"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/12/6"
            },
            {
              "name": "RHSA-2012:0488",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "USN-1424-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1424-1"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "48580",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48580"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "1026787",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026787"
            },
            {
              "name": "FEDORA-2012-4665",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "RHSA-2012:0426",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22252",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22252"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "52764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52764"
            },
            {
              "name": "SSRT100877",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "FEDORA-2012-4659",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
            },
            {
              "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/13/2"
            },
            {
              "name": "[oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/12/7"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1165",
    "datePublished": "2012-03-15T17:00:00",
    "dateReserved": "2012-02-14T00:00:00",
    "dateUpdated": "2024-08-06T18:53:36.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1791
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity
Summary
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://openssl.org/news/secadv/20150611.txt
http://www.securityfocus.com/bid/75161vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securitytracker.com/id/1032479vdb-entry
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.securityfocus.com/bid/91787vdb-entry
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlvendor-advisory
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "75161",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75161"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "1032479",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032479"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
          },
          {
            "name": "FEDORA-2015-10108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "name": "FEDORA-2015-10047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "75161",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75161"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "1032479",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032479"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
        },
        {
          "name": "FEDORA-2015-10108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "name": "FEDORA-2015-10047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
        },
        {
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1791",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3735
Vulnerability from cvelistv5
Published
2017-08-28 00:00
Modified
2024-08-05 14:39
Severity
Summary
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
References
URLTags
http://www.securitytracker.com/id/1039726vdb-entry
https://usn.ubuntu.com/3611-2/vendor-advisory
https://www.debian.org/security/2017/dsa-4018vendor-advisory
https://security.gentoo.org/glsa/201712-03vendor-advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.htmlmailing-list
https://access.redhat.com/errata/RHSA-2018:3505vendor-advisory
https://www.debian.org/security/2017/dsa-4017vendor-advisory
https://access.redhat.com/errata/RHSA-2018:3221vendor-advisory
http://www.securityfocus.com/bid/100515vdb-entry
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.netapp.com/advisory/ntap-20171107-0002/
https://support.apple.com/HT208331
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://security.netapp.com/advisory/ntap-20170927-0001/
https://www.tenable.com/security/tns-2017-15
https://www.openssl.org/news/secadv/20171102.txt
https://www.tenable.com/security/tns-2017-14
https://www.openssl.org/news/secadv/20170828.txt
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
OpenSSL Software FoundationOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039726",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039726"
          },
          {
            "name": "USN-3611-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-2/"
          },
          {
            "name": "DSA-4018",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4018"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "DSA-4017",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4017"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "100515",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100515"
          },
          {
            "name": "FreeBSD-SA-17:11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208331"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171102.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170828.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "status": "affected",
              "version": "1.0.2"
            }
          ]
        }
      ],
      "datePublic": "2017-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out of bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "1039726",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1039726"
        },
        {
          "name": "USN-3611-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3611-2/"
        },
        {
          "name": "DSA-4018",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4018"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "DSA-4017",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4017"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "100515",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/100515"
        },
        {
          "name": "FreeBSD-SA-17:11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
        },
        {
          "url": "https://support.apple.com/HT208331"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-15"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20171102.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-14"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20170828.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3735",
    "datePublished": "2017-08-28T00:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3195
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 05:39
Severity
Summary
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://support.apple.com/HT206167
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-2617.htmlvendor-advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://www.securityfocus.com/bid/78626vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-2616.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://marc.info/?l=bugtraq&m=145382583417444&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2830-1vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://openssl.org/news/secadv/20151203.txt
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securitytracker.com/id/1034294vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
http://fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://www.debian.org/security/2015/dsa-3413vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.htmlvendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206167"
          },
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "name": "78626",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78626"
          },
          {
            "name": "RHSA-2015:2616",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "name": "openSUSE-SU-2015:2318",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "openSUSE-SU-2015:2349",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://support.apple.com/HT206167"
        },
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "name": "78626",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78626"
        },
        {
          "name": "RHSA-2015:2616",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "name": "openSUSE-SU-2015:2318",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "openSUSE-SU-2015:2349",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3195",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1390
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-08-07 05:13
Severity
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
References
URLTags
http://www.securityfocus.com/bid/35288vdb-entry, x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.htmlvendor-advisory, x_refsource_FEDORA
http://dev.mutt.org/hg/mutt/rev/64bf199c8d8ax_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/51068vdb-entry, x_refsource_XF
http://dev.mutt.org/hg/mutt/rev/8f11dd00c770x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/06/10/2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35288"
          },
          {
            "name": "FEDORA-2009-6465",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
          },
          {
            "name": "mutt-x509-security-bypass(51068)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
          },
          {
            "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "35288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35288"
        },
        {
          "name": "FEDORA-2009-6465",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
        },
        {
          "name": "mutt-x509-security-bypass(51068)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
        },
        {
          "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1390",
    "datePublished": "2009-06-16T20:26:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3731
Vulnerability from cvelistv5
Published
2017-01-26 00:00
Modified
2024-08-05 14:39
Severity
Summary
Truncated packet could crash via OOB read
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20171019-0002/x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/95813vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0286.htmlvendor-advisory, x_refsource_REDHAT
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://www.openssl.org/news/secadv/20170126.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1037717vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2017-04x_refsource_CONFIRM
https://source.android.com/security/bulletin/pixel/2017-11-01x_refsource_CONFIRM
https://security.gentoo.org/glsa/201702-07vendor-advisory, x_refsource_GENTOO
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3773vendor-advisory, x_refsource_DEBIAN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://security.paloaltonetworks.com/CVE-2017-3731x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "95813",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95813"
          },
          {
            "name": "RHSA-2017:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
          },
          {
            "name": "FreeBSD-SA-17:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
            "name": "1037717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "GLSA-201702-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2017-3731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2a"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2b"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2d"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2e"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2f"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2g"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2h"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2i"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2j"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robert \u015awi\u0119cki of Google"
        }
      ],
      "datePublic": "2017-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out-of-bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-17T16:03:45",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "95813",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95813"
        },
        {
          "name": "RHSA-2017:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
        },
        {
          "name": "FreeBSD-SA-17:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        },
        {
          "name": "1037717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "GLSA-201702-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2017-3731"
        }
      ],
      "title": "Truncated packet could crash via OOB read",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-01-26",
          "ID": "CVE-2017-3731",
          "STATE": "PUBLIC",
          "TITLE": "Truncated packet could crash via OOB read"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          },
                          {
                            "version_value": "openssl-1.1.0c"
                          },
                          {
                            "version_value": "openssl-1.0.2"
                          },
                          {
                            "version_value": "openssl-1.0.2a"
                          },
                          {
                            "version_value": "openssl-1.0.2b"
                          },
                          {
                            "version_value": "openssl-1.0.2c"
                          },
                          {
                            "version_value": "openssl-1.0.2d"
                          },
                          {
                            "version_value": "openssl-1.0.2e"
                          },
                          {
                            "version_value": "openssl-1.0.2f"
                          },
                          {
                            "version_value": "openssl-1.0.2g"
                          },
                          {
                            "version_value": "openssl-1.0.2h"
                          },
                          {
                            "version_value": "openssl-1.0.2i"
                          },
                          {
                            "version_value": "openssl-1.0.2j"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robert \u015awi\u0119cki of Google"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "out-of-bounds read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "95813",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95813"
            },
            {
              "name": "RHSA-2017:0286",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
            },
            {
              "name": "FreeBSD-SA-17:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20170126.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20170126.txt"
            },
            {
              "name": "1037717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037717"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
            },
            {
              "name": "GLSA-201702-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-07"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "DSA-3773",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3773"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2017-3731",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2017-3731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3731",
    "datePublished": "2017-01-26T00:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-05T14:39:40.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8176
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 13:10
Severity
Summary
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
References
URLTags
http://www.debian.org/security/2015/dsa-3287vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://openssl.org/news/secadv/20150611.txt
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.securitytracker.com/id/1032564vdb-entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://www.securityfocus.com/bid/75159vdb-entry
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "75159",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75159"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "75159",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75159"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8176",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0464
Vulnerability from cvelistv5
Published
2023-03-22 16:36
Modified
2024-08-02 05:10
Severity
Summary
Excessive Resource Usage Verifying X.509 Policy Constraints
References
URLTags
https://www.openssl.org/news/secadv/20230322.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348bpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642epatch
https://www.couchbase.com/alerts/
https://www.debian.org/security/2023/dsa-5417
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230406-0006/"
          },
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230322.txt"
          },
          {
            "name": "3.1.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"
          },
          {
            "name": "3.0.9 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"
          },
          {
            "name": "1.1.1u git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"
          },
          {
            "name": "1.0.2zh patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1u",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zh",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dr Paul Dale"
        }
      ],
      "datePublic": "2023-03-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A security vulnerability has been identified in all supported versions\u003cbr\u003e\u003cbr\u003eof OpenSSL related to the verification of X.509 certificate chains\u003cbr\u003ethat include policy constraints.  Attackers may be able to exploit this\u003cbr\u003evulnerability by creating a malicious certificate chain that triggers\u003cbr\u003eexponential use of computational resources, leading to a denial-of-service\u003cbr\u003e(DoS) attack on affected systems.\u003cbr\u003e\u003cbr\u003ePolicy processing is disabled by default but can be enabled by passing\u003cbr\u003ethe `-policy\u0027 argument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function."
            }
          ],
          "value": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy\u0027 argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "inefficient algorithmic complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-22T16:36:47.383Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230322.txt"
        },
        {
          "name": "3.1.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"
        },
        {
          "name": "3.0.9 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"
        },
        {
          "name": "1.1.1u git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"
        },
        {
          "name": "1.0.2zh patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive Resource Usage Verifying X.509 Policy Constraints",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0464",
    "datePublished": "2023-03-22T16:36:47.383Z",
    "dateReserved": "2023-01-24T13:50:25.835Z",
    "dateUpdated": "2024-08-02T05:10:56.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0195
Vulnerability from cvelistv5
Published
2014-06-05 21:00
Modified
2024-08-06 09:05
Severity
Summary
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59530third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59990third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1030337vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59454third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59188third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59126third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59306third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21678289x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61254third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1103598x_refsource_CONFIRM
http://secunia.com/advisories/59223third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58743third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59449third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140317760000786&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://secunia.com/advisories/59441third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59189third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://secunia.com/advisories/59365third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://secunia.com/advisories/59305third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58945third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://secunia.com/advisories/58883third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59659third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/59429third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58660third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676071x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://www.securityfocus.com/bid/67900vdb-entry, x_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59310third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascx_refsource_CONFIRM
http://www.fortiguard.com/advisory/FG-IR-14-018/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676793x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140499827729550&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002x_refsource_MISC
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/58714third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140482916501310&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://secunia.com/advisories/58615third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.htmlx_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://www-01.ibm.com/support/docview.wss?uid=swg21676644x_refsource_CONFIRM
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://secunia.com/advisories/59587third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59784third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://www.f-secure.com/en/web/labs_global/fsc-2014-6x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://secunia.com/advisories/59192third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59040third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59175third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21675821x_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048x_refsource_MISC
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/59491third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59364third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59451third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/59528third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59518third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140491231331543&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "name": "59530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59530"
          },
          {
            "name": "59990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59990"
          },
          {
            "name": "1030337",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030337"
          },
          {
            "name": "59454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59454"
          },
          {
            "name": "59188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59188"
          },
          {
            "name": "59126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59126"
          },
          {
            "name": "59306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "HPSBUX03046",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "61254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
          },
          {
            "name": "59223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59223"
          },
          {
            "name": "59895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59895"
          },
          {
            "name": "58743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58743"
          },
          {
            "name": "59449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBOV03047",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "59441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59441"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59189"
          },
          {
            "name": "MDVSA-2014:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "name": "59365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "name": "59305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59305"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "58945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "58883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58883"
          },
          {
            "name": "59659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59659"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "59429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "name": "58660",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58660"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "name": "67900",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "name": "59310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59310"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "name": "HPSBMU03069",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "SSRT101590",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "58714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58714"
          },
          {
            "name": "HPSBGN03050",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "58615",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "59587",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59587"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "name": "59784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "59192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59192"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "59040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59040"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "59175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59175"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "59491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59491"
          },
          {
            "name": "59364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59364"
          },
          {
            "name": "59451",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59451"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "59528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59528"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59518",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59518"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "name": "HPSBMU03065",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "name": "59530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59530"
        },
        {
          "name": "59990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59990"
        },
        {
          "name": "1030337",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030337"
        },
        {
          "name": "59454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59454"
        },
        {
          "name": "59188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59188"
        },
        {
          "name": "59126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59126"
        },
        {
          "name": "59306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "HPSBUX03046",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "61254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
        },
        {
          "name": "59223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59223"
        },
        {
          "name": "59895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59895"
        },
        {
          "name": "58743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58743"
        },
        {
          "name": "59449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBOV03047",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "59441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59441"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59189"
        },
        {
          "name": "MDVSA-2014:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "name": "59365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "name": "59305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59305"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "58945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "58883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58883"
        },
        {
          "name": "59659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59659"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "59429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "name": "58660",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58660"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "name": "67900",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "name": "59310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59310"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "name": "HPSBMU03069",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "SSRT101590",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "58714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58714"
        },
        {
          "name": "HPSBGN03050",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "58615",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "59587",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59587"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "name": "59784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "59192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59192"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "59040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59040"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "59175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59175"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "59491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59491"
        },
        {
          "name": "59364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59364"
        },
        {
          "name": "59451",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59451"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "59528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59528"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59518",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59518"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "name": "HPSBMU03065",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "59530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59530"
            },
            {
              "name": "59990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59990"
            },
            {
              "name": "1030337",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030337"
            },
            {
              "name": "59454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59454"
            },
            {
              "name": "59188",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59188"
            },
            {
              "name": "59126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59126"
            },
            {
              "name": "59306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59306"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "HPSBUX03046",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "61254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61254"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
            },
            {
              "name": "59223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59223"
            },
            {
              "name": "59895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59895"
            },
            {
              "name": "58743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58743"
            },
            {
              "name": "59449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59449"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "HPSBOV03047",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "59441",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59441"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "59189",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59189"
            },
            {
              "name": "MDVSA-2014:106",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "59365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59365"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "59305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59305"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "58945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58945"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "58883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58883"
            },
            {
              "name": "59659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59659"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "59429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59429"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "58660",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58660"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "67900",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67900"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "59310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59310"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676793",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "HPSBMU03069",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "SSRT101590",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "59514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59514"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002",
              "refsource": "MISC",
              "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "58714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58714"
            },
            {
              "name": "HPSBGN03050",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "58615",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58615"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "59587",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59587"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "59784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59784"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "59192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59192"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "59040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59040"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "59175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59175"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048",
              "refsource": "MISC",
              "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "59491",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59491"
            },
            {
              "name": "59364",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59364"
            },
            {
              "name": "59451",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59451"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "60571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60571"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "59528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59528"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59518",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59518"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "HPSBMU03065",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0195",
    "datePublished": "2014-06-05T21:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0656
Vulnerability from cvelistv5
Published
2002-07-31 04:00
Modified
2024-08-08 02:56
Severity
Summary
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
References
URLTags
http://www.securityfocus.com/bid/5363vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/5362vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/102795third-party-advisory, x_refsource_CERT-VN
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.phpvendor-advisory, x_refsource_MANDRAKE
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txtvendor-advisory, x_refsource_CALDERA
http://www.kb.cert.org/vuls/id/258555third-party-advisory, x_refsource_CERT-VN
http://www.iss.net/security_center/static/9714.phpvdb-entry, x_refsource_XF
http://www.cert.org/advisories/CA-2002-23.htmlthird-party-advisory, x_refsource_CERT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txtvendor-advisory, x_refsource_CALDERA
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.iss.net/security_center/static/9716.phpvdb-entry, x_refsource_XF
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5363"
          },
          {
            "name": "5362",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5362"
          },
          {
            "name": "VU#102795",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/102795"
          },
          {
            "name": "MDKSA-2002:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
          },
          {
            "name": "CSSA-2002-033.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "VU#258555",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/258555"
          },
          {
            "name": "openssl-ssl2-masterkey-bo(9714)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9714.php"
          },
          {
            "name": "CA-2002-23",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "CSSA-2002-033.1",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "CLA-2002:513",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          },
          {
            "name": "openssl-ssl3-sessionid-bo(9716)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9716.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5363"
        },
        {
          "name": "5362",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5362"
        },
        {
          "name": "VU#102795",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/102795"
        },
        {
          "name": "MDKSA-2002:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
        },
        {
          "name": "CSSA-2002-033.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
        },
        {
          "name": "VU#258555",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/258555"
        },
        {
          "name": "openssl-ssl2-masterkey-bo(9714)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9714.php"
        },
        {
          "name": "CA-2002-23",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-23.html"
        },
        {
          "name": "CSSA-2002-033.1",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
        },
        {
          "name": "CLA-2002:513",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
        },
        {
          "name": "FreeBSD-SA-02:33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
        },
        {
          "name": "openssl-ssl3-sessionid-bo(9716)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9716.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5363"
            },
            {
              "name": "5362",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5362"
            },
            {
              "name": "VU#102795",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/102795"
            },
            {
              "name": "MDKSA-2002:046",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "VU#258555",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/258555"
            },
            {
              "name": "openssl-ssl2-masterkey-bo(9714)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9714.php"
            },
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "CLA-2002:513",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            },
            {
              "name": "openssl-ssl3-sessionid-bo(9716)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9716.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0656",
    "datePublished": "2002-07-31T04:00:00",
    "dateReserved": "2002-07-02T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1377
Vulnerability from cvelistv5
Published
2009-05-19 19:00
Modified
2024-08-07 05:13
Severity
Summary
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
References
URLTags
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guestx_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2009/1377vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37003third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663vdb-entry, signature, x_refsource_OVAL
https://launchpad.net/bugs/cve/2009-1377x_refsource_MISC
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1022241vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-792-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/05/18/1mailing-list, x_refsource_MLIST
http://marc.info/?l=openssl-dev&m=124247675613888&w=2mailing-list, x_refsource_MLIST
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.securityfocus.com/bid/35001vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=18187x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/35461third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35128third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35571third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35416third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netx_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1930\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "ADV-2009-1377",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1377"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "oval:org.mitre.oval:def:9663",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1377"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "1022241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022241"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
          },
          {
            "name": "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=124247675613888\u0026w=2"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "35001",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35001"
          },
          {
            "name": "oval:org.mitre.oval:def:6683",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=18187"
          },
          {
            "name": "MDVSA-2009:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
          },
          {
            "name": "35461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35461"
          },
          {
            "name": "35128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35128"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1930\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "ADV-2009-1377",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1377"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "oval:org.mitre.oval:def:9663",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1377"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "1022241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022241"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
        },
        {
          "name": "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=124247675613888\u0026w=2"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "35001",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35001"
        },
        {
          "name": "oval:org.mitre.oval:def:6683",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=18187"
        },
        {
          "name": "MDVSA-2009:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
        },
        {
          "name": "35461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35461"
        },
        {
          "name": "35128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35128"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1377",
    "datePublished": "2009-05-19T19:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0292
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202395
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/73228vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0666f289ac013094bbbf547bfbcd616199b7d2d
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=2608\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202395"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "73228",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73228"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0666f289ac013094bbbf547bfbcd616199b7d2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://rt.openssl.org/Ticket/Display.html?id=2608\u0026user=guest\u0026pass=guest"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202395"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "73228",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73228"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0666f289ac013094bbbf547bfbcd616199b7d2d"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0292",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2409
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-08-07 05:52
Severity
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
URLTags
http://secunia.com/advisories/36139third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36157third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197vendor-advisory, x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216vendor-advisory, x_refsource_MANDRIVA
https://www.debian.org/security/2009/dsa-1888vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594vdb-entry, signature, x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200911-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/36434third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id?1022631vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/42467third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1207.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/36669third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-1432.htmlvendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-810-1vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2009:258vendor-advisory, x_refsource_MANDRIVA
https://usn.ubuntu.com/810-2/vendor-advisory, x_refsource_UBUNTU
http://java.sun.com/javase/6/webnotes/6u17.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155vdb-entry, signature, x_refsource_OVAL
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/3126vdb-entry, x_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2010-0095.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3184vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409x_refsource_CONFIRM
http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlx_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631vdb-entry, signature, x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/37386third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2085vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2009/dsa-1874vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/36739third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT3937x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36139"
          },
          {
            "name": "36157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36157"
          },
          {
            "name": "MDVSA-2009:197",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
          },
          {
            "name": "MDVSA-2009:216",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
          },
          {
            "name": "DSA-1888",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2009/dsa-1888"
          },
          {
            "name": "oval:org.mitre.oval:def:8594",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "36434",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36434"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "1022631",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022631"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "RHSA-2009:1207",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "36669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36669"
          },
          {
            "name": "RHSA-2009:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
          },
          {
            "name": "USN-810-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-810-1"
          },
          {
            "name": "oval:org.mitre.oval:def:10763",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
          },
          {
            "name": "MDVSA-2009:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
          },
          {
            "name": "USN-810-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/810-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7155",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6631",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "ADV-2009-2085",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2085"
          },
          {
            "name": "DSA-1874",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1874"
          },
          {
            "name": "36739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36739"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "36139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36139"
        },
        {
          "name": "36157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36157"
        },
        {
          "name": "MDVSA-2009:197",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
        },
        {
          "name": "MDVSA-2009:216",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
        },
        {
          "name": "DSA-1888",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2009/dsa-1888"
        },
        {
          "name": "oval:org.mitre.oval:def:8594",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "36434",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36434"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "1022631",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022631"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "RHSA-2009:1207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "36669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36669"
        },
        {
          "name": "RHSA-2009:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
        },
        {
          "name": "USN-810-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-810-1"
        },
        {
          "name": "oval:org.mitre.oval:def:10763",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
        },
        {
          "name": "MDVSA-2009:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
        },
        {
          "name": "USN-810-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/810-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7155",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6631",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "ADV-2009-2085",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2085"
        },
        {
          "name": "DSA-1874",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1874"
        },
        {
          "name": "36739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36739"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2409",
    "datePublished": "2009-07-30T19:00:00",
    "dateReserved": "2009-07-09T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1789
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity
Summary
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlvendor-advisory
https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://openssl.org/news/secadv/20150611.txt
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://rhn.redhat.com/errata/RHSA-2015-1197.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securitytracker.com/id/1032564vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlvendor-advisory
http://www.securityfocus.com/bid/75156vdb-entry
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
http://marc.info/?l=bugtraq&m=143654156615516&w=2vendor-advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "name": "SUSE-SU-2015:1183",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "RHSA-2015:1197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
          },
          {
            "name": "FEDORA-2015-10108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "SUSE-SU-2015:1181",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "name": "FEDORA-2015-10047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
          },
          {
            "name": "75156",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75156"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "name": "HPSBGN03371",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "name": "SUSE-SU-2015:1183",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "RHSA-2015:1197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
        },
        {
          "name": "FEDORA-2015-10108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "SUSE-SU-2015:1181",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "name": "FEDORA-2015-10047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
        },
        {
          "name": "75156",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75156"
        },
        {
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "name": "HPSBGN03371",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1789",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3572
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 10:50
Severity
Summary
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
References
URLTags
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
http://www.securityfocus.com/bid/71942vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63x_refsource_CONFIRM
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "71942",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBGN03299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "name": "71942",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "SSRT101987",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBGN03299",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "71942",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71942"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3572",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1563
Vulnerability from cvelistv5
Published
2019-09-10 00:00
Modified
2024-08-04 18:20
Severity
Summary
Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
References
URLTags
https://seclists.org/bugtraq/2019/Sep/25mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.htmlvendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.htmlmailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/vendor-advisory, x_refsource_FEDORA
https://seclists.org/bugtraq/2019/Oct/1mailing-list, x_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Oct/0mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4539vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2019/dsa-4540vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201911-04vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/4376-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.openssl.org/news/secadv/20190910.txtx_refsource_CONFIRM
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190919-0002/x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-09x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893fx_refsource_CONFIRM
https://support.f5.com/csp/article/K97324400?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
https://usn.ubuntu.com/4376-2/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4504-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10365x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/25"
          },
          {
            "name": "openSUSE-SU-2019:2158",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
          },
          {
            "name": "FEDORA-2019-d15aac6c4e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
          },
          {
            "name": "openSUSE-SU-2019:2189",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
          },
          {
            "name": "FEDORA-2019-d51641f152",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/1"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/0"
          },
          {
            "name": "DSA-4539",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4539"
          },
          {
            "name": "DSA-4540",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4540"
          },
          {
            "name": "openSUSE-SU-2019:2268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2269",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
          },
          {
            "name": "GLSA-201911-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201911-04"
          },
          {
            "name": "USN-4376-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190910.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "name": "USN-4504-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4504-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bernd Edlinger"
        }
      ],
      "datePublic": "2019-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-31T07:06:42",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/25"
        },
        {
          "name": "openSUSE-SU-2019:2158",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
        },
        {
          "name": "FEDORA-2019-d15aac6c4e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
        },
        {
          "name": "openSUSE-SU-2019:2189",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
        },
        {
          "name": "FEDORA-2019-d51641f152",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/1"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/0"
        },
        {
          "name": "DSA-4539",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4539"
        },
        {
          "name": "DSA-4540",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4540"
        },
        {
          "name": "openSUSE-SU-2019:2268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2269",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
        },
        {
          "name": "GLSA-201911-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201911-04"
        },
        {
          "name": "USN-4376-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190910.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "name": "USN-4504-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4504-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        }
      ],
      "title": "Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-09-10",
          "ID": "CVE-2019-1563",
          "STATE": "PUBLIC",
          "TITLE": "Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bernd Edlinger"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Padding Oracle"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/25"
            },
            {
              "name": "openSUSE-SU-2019:2158",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
            },
            {
              "name": "FEDORA-2019-d15aac6c4e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
            },
            {
              "name": "openSUSE-SU-2019:2189",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
            },
            {
              "name": "FEDORA-2019-d51641f152",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
            },
            {
              "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/1"
            },
            {
              "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/0"
            },
            {
              "name": "DSA-4539",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4539"
            },
            {
              "name": "DSA-4540",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4540"
            },
            {
              "name": "openSUSE-SU-2019:2268",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2019:2269",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
            },
            {
              "name": "GLSA-201911-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201911-04"
            },
            {
              "name": "USN-4376-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190910.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190910.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190919-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-09",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-09"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f"
            },
            {
              "name": "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "USN-4376-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-2/"
            },
            {
              "name": "USN-4504-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4504-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1563",
    "datePublished": "2019-09-10T00:00:00",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-08-04T18:20:28.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1434
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 00:03
Severity
Summary
Incorrect MAC key used in the RC4-MD5 ciphersuite
References
URLTags
https://www.openssl.org/news/secadv/20220503.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b
https://security.netapp.com/advisory/ntap-20220602-0009/
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:06.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tom Colley (Broadcom)"
        }
      ],
      "datePublic": "2022-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect MAC key",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220503.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
        }
      ],
      "title": "Incorrect MAC key used in the RC4-MD5 ciphersuite"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-1434",
    "datePublished": "2022-05-03T00:00:00",
    "dateReserved": "2022-04-22T00:00:00",
    "dateUpdated": "2024-08-03T00:03:06.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0289
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.securityfocus.com/bid/73231vdb-entry
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202384
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "name": "73231",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202384"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "name": "73231",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73231"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202384"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0289",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0789
Vulnerability from cvelistv5
Published
2009-03-27 16:00
Modified
2024-08-07 04:48
Severity
Summary
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
References
URLTags
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/0850vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/1175vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://www.osvdb.org/52866vdb-entry, x_refsource_OSVDB
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/34666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/1020vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35380third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127678688104458&w=2vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/49433vdb-entry, x_refsource_XF
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/35065third-party-advisory, x_refsource_SECUNIA
http://www.php.net/archive/2009.php#id2009-04-08-1x_refsource_CONFIRM
http://secunia.com/advisories/34411third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://securitytracker.com/id?1021906vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlx_refsource_CONFIRM
http://support.apple.com/kb/HT3865x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20090325.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1548vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/36701third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://secunia.com/advisories/34460third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34256vdb-entry, x_refsource_BID
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090059",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-0850",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "ADV-2009-1175",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "52866",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/52866"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "34666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "HPSBUX02435",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-1020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "35380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "openssl-asn1-structure-dos(49433)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49433"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "34411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "NetBSD-SA2009-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "1021906",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021906"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "ADV-2009-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "34460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "34256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090059",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-0850",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0850"
        },
        {
          "name": "ADV-2009-1175",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1175"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "52866",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/52866"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "34666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34666"
        },
        {
          "name": "HPSBUX02435",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-1020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1020"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "35380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35380"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "openssl-asn1-structure-dos(49433)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49433"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
        },
        {
          "name": "34411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34411"
        },
        {
          "name": "NetBSD-SA2009-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
        },
        {
          "name": "1021906",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021906"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090325.txt"
        },
        {
          "name": "ADV-2009-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1548"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "34460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34460"
        },
        {
          "name": "34256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34256"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0789",
    "datePublished": "2009-03-27T16:00:00",
    "dateReserved": "2009-03-04T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7042
Vulnerability from cvelistv5
Published
2020-02-27 17:30
Modified
2024-08-04 09:18
Severity
Summary
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
References
URLTags
https://github.com/adrienverge/openfortivpn/issues/536x_refsource_MISC
https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/vendor-advisory, x_refsource_FEDORA
https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/issues/536"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
          },
          {
            "name": "openSUSE-SU-2020:0301",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2020:0305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
          },
          {
            "name": "FEDORA-2020-42eb8821db",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
          },
          {
            "name": "FEDORA-2020-c96ab3c813",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
          },
          {
            "name": "FEDORA-2020-dcdffcc368",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T22:07:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/issues/536"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
        },
        {
          "name": "openSUSE-SU-2020:0301",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2020:0305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
        },
        {
          "name": "FEDORA-2020-42eb8821db",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
        },
        {
          "name": "FEDORA-2020-c96ab3c813",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
        },
        {
          "name": "FEDORA-2020-dcdffcc368",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-7042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/adrienverge/openfortivpn/issues/536",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/issues/536"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
            },
            {
              "name": "openSUSE-SU-2020:0301",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2020:0305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
            },
            {
              "name": "FEDORA-2020-42eb8821db",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
            },
            {
              "name": "FEDORA-2020-c96ab3c813",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
            },
            {
              "name": "FEDORA-2020-dcdffcc368",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3",
              "refsource": "CONFIRM",
              "url": "https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-7042",
    "datePublished": "2020-02-27T17:30:16",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:02.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-5095
Vulnerability from cvelistv5
Published
2022-10-03 16:15
Modified
2024-08-07 00:23
Severity
Summary
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
References
URLTags
http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdfx_refsource_MISC
http://www.nessus.org/plugins/index.php?view=single&id=53360x_refsource_MISC
https://discussions.nessus.org/thread/3381x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:40.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://discussions.nessus.org/thread/3381"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T16:15:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discussions.nessus.org/thread/3381"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf",
              "refsource": "MISC",
              "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
            },
            {
              "name": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360",
              "refsource": "MISC",
              "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
            },
            {
              "name": "https://discussions.nessus.org/thread/3381",
              "refsource": "MISC",
              "url": "https://discussions.nessus.org/thread/3381"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5095",
    "datePublished": "2022-10-03T16:15:12",
    "dateReserved": "2022-10-03T00:00:00",
    "dateUpdated": "2024-08-07T00:23:40.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0891
Vulnerability from cvelistv5
Published
2008-05-29 16:00
Modified
2024-08-07 08:01
Severity
Summary
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
References
URLTags
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.htmlx_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/30852third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.htmlvendor-advisory, x_refsource_FEDORA
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666vdb-entry, x_refsource_XF
http://secunia.com/advisories/30460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30825third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1680vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1020121vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/usn-620-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/30868third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20080528.txtx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200806-08.xmlvendor-advisory, x_refsource_GENTOO
http://sourceforge.net/project/shownotes.php?release_id=615606x_refsource_CONFIRM
http://secunia.com/advisories/31288third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30405third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/29405vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/1937/referencesvdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31228third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107vendor-advisory, x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/661475third-party-advisory, x_refsource_CERT-VN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"
          },
          {
            "name": "SSA:2008-210-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.562004"
          },
          {
            "name": "30852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30852"
          },
          {
            "name": "FEDORA-2008-4723",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738400"
          },
          {
            "name": "openssl-servername-dos(42666)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666"
          },
          {
            "name": "30460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30460"
          },
          {
            "name": "30825",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30825"
          },
          {
            "name": "ADV-2008-1680",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1680"
          },
          {
            "name": "1020121",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020121"
          },
          {
            "name": "USN-620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-620-1"
          },
          {
            "name": "30868",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20080528.txt"
          },
          {
            "name": "GLSA-200806-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"
          },
          {
            "name": "31288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31288"
          },
          {
            "name": "30405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30405"
          },
          {
            "name": "29405",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29405"
          },
          {
            "name": "ADV-2008-1937",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1937/references"
          },
          {
            "name": "31228",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31228"
          },
          {
            "name": "MDVSA-2008:107",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"
          },
          {
            "name": "VU#661475",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/661475"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"
        },
        {
          "name": "SSA:2008-210-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.562004"
        },
        {
          "name": "30852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30852"
        },
        {
          "name": "FEDORA-2008-4723",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738400"
        },
        {
          "name": "openssl-servername-dos(42666)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666"
        },
        {
          "name": "30460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30460"
        },
        {
          "name": "30825",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30825"
        },
        {
          "name": "ADV-2008-1680",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1680"
        },
        {
          "name": "1020121",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020121"
        },
        {
          "name": "USN-620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-620-1"
        },
        {
          "name": "30868",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20080528.txt"
        },
        {
          "name": "GLSA-200806-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"
        },
        {
          "name": "31288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31288"
        },
        {
          "name": "30405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30405"
        },
        {
          "name": "29405",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29405"
        },
        {
          "name": "ADV-2008-1937",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1937/references"
        },
        {
          "name": "31228",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31228"
        },
        {
          "name": "MDVSA-2008:107",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"
        },
        {
          "name": "VU#661475",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/661475"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0891",
    "datePublished": "2008-05-29T16:00:00",
    "dateReserved": "2008-02-21T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0732
Vulnerability from cvelistv5
Published
2018-06-12 00:00
Modified
2024-08-05 03:35
Severity
Summary
Client DoS due to large DH parameter
References
URLTags
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.htmlmailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/104442vdb-entry, x_refsource_BID
https://www.debian.org/security/2018/dsa-4355vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:2552vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201811-03vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3692-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2553vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3505vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3692-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3221vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4348vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1041090vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2019:1297vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1296vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1543vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2018-14x_refsource_CONFIRM
https://securityadvisories.paloaltonetworks.com/Home/Detail/133x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-13x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-17x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-12x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20181105-0001/x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180612.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190118-0002/x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdfx_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
          },
          {
            "name": "104442",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104442"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "name": "RHSA-2018:2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2552"
          },
          {
            "name": "GLSA-201811-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-03"
          },
          {
            "name": "USN-3692-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3692-2/"
          },
          {
            "name": "RHSA-2018:2553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2553"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "USN-3692-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3692-1/"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "1041090",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041090"
          },
          {
            "name": "RHSA-2019:1297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1297"
          },
          {
            "name": "RHSA-2019:1296",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1296"
          },
          {
            "name": "RHSA-2019:1543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1543"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180612.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "datePublic": "2018-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Client side Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-08T11:06:25",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
        },
        {
          "name": "104442",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104442"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "name": "RHSA-2018:2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2552"
        },
        {
          "name": "GLSA-201811-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-03"
        },
        {
          "name": "USN-3692-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3692-2/"
        },
        {
          "name": "RHSA-2018:2553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2553"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "USN-3692-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3692-1/"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "1041090",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041090"
        },
        {
          "name": "RHSA-2019:1297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1297"
        },
        {
          "name": "RHSA-2019:1296",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1296"
        },
        {
          "name": "RHSA-2019:1543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1543"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180612.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf"
        }
      ],
      "title": "Client DoS due to large DH parameter",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-06-12",
          "ID": "CVE-2018-0732",
          "STATE": "PUBLIC",
          "TITLE": "Client DoS due to large DH parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Guido Vranken"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Client side Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
            },
            {
              "name": "104442",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104442"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "RHSA-2018:2552",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2552"
            },
            {
              "name": "GLSA-201811-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-03"
            },
            {
              "name": "USN-3692-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3692-2/"
            },
            {
              "name": "RHSA-2018:2553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2553"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "USN-3692-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3692-1/"
            },
            {
              "name": "RHSA-2018:3221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3221"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "1041090",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041090"
            },
            {
              "name": "RHSA-2019:1297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1297"
            },
            {
              "name": "RHSA-2019:1296",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1296"
            },
            {
              "name": "RHSA-2019:1543",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1543"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-14"
            },
            {
              "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
              "refsource": "CONFIRM",
              "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-13",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-13"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-12",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-12"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0001/"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180612.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180612.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0732",
    "datePublished": "2018-06-12T00:00:00",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4343
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 19:06
Severity
Summary
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
References
URLTags
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22212third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4750vdb-entry, x_refsource_VUPEN
https://www.exploit-db.com/exploits/4773exploit, x_refsource_EXPLOIT-DB
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1016943vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23038third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0054vendor-advisory, x_refsource_TRUSTIX
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240vdb-entry, x_refsource_XF
http://www.debian.org/security/2006/dsa-1195vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23309third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4401vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/usn-353-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227x_refsource_CONFIRM
http://secunia.com/advisories/22116third-party-advisory, x_refsource_SECUNIA
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22166third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0695.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22385third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_24_sr.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22758third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22487third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_58_openssl.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22772third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/22165third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/23794third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22220third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.htmlx_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.htmlx_refsource_CONFIRM
http://secunia.com/advisories/25889third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4036vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata.html#openssl2vendor-advisory, x_refsource_OPENBSD
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/30124third-party-advisory, x_refsource_SECUNIA
http://www.ingate.com/relnote-452.phpx_refsource_CONFIRM
http://secunia.com/advisories/22626third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/29263vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/22083vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/3869vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22544third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22298third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22130third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25420third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1973vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22284third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200610-11.xmlvendor-advisory, x_refsource_GENTOO
http://issues.rpath.com/browse/RPL-613x_refsource_CONFIRM
http://secunia.com/advisories/26329third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260third-party-advisory, x_refsource_SECUNIA
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3860vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23280third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/447318/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207vdb-entry, signature, x_refsource_OVAL
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4264vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22193third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23155third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2006/4417vdb-entry, x_refsource_VUPEN
http://www.kb.cert.org/vuls/id/386964third-party-advisory, x_refsource_CERT-VN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.serv-u.com/releasenotes/x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4443vdb-entry, x_refsource_VUPEN
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlx_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22094third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22186third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060928.txtx_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-11.txtx_refsource_CONFIRM
http://secunia.com/advisories/22500third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/archive/1/489739/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22216third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3820vdb-entry, x_refsource_VUPEN
http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlmailing-list, x_refsource_MLIST
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlvendor-advisory, x_refsource_OPENPKG
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0905/referencesvdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1401vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1vendor-advisory, x_refsource_SUNALERT
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/456546/100/200/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447393/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/3936vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22240third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22330third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlx_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1185vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/22207third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1017522vdb-entry, x_refsource_SECTRACK
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlvendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2006/3902vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22791third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22172third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/28276vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/20246vdb-entry, x_refsource_BID
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/24950third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1vendor-advisory, x_refsource_SUNALERT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:172",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
          },
          {
            "name": "22212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "name": "ADV-2006-4750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "name": "4773",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "HPSBMA02250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "1016943",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "name": "23038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "name": "2006-0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "name": "openssl-sslv2-client-dos(29240)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "name": "DSA-1195",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "name": "23309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "ADV-2006-4401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "name": "USN-353-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "name": "22116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "name": "SSRT071304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
          },
          {
            "name": "GLSA-200612-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "name": "22166",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "name": "RHSA-2006:0695",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "22385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "name": "SUSE-SR:2006:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "name": "22758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "name": "22487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "SUSE-SA:2006:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "name": "22772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "FreeBSD-SA-06:23.openssl",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
          },
          {
            "name": "22165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "22220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "name": "25889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "name": "ADV-2006-4036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "name": "22626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "name": "29263",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29263"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "MDKSA-2006:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
          },
          {
            "name": "ADV-2006-3869",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "name": "22544",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "name": "22298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "25420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "ADV-2007-1973",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "name": "22284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "name": "oval:org.mitre.oval:def:4356",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "GLSA-200610-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.rpath.com/browse/RPL-613"
          },
          {
            "name": "26329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "name": "22260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "name": "ADV-2006-3860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "name": "23280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10207",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207"
          },
          {
            "name": "SSRT061213",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
          },
          {
            "name": "ADV-2006-4264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "22193",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "name": "23155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "name": "22799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "name": "SSA:2006-272-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "name": "ADV-2006-4417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "name": "VU#386964",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "name": "ADV-2006-4443",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "name": "22094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "name": "22186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "name": "22500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "name": "APPLE-SA-2006-11-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
          },
          {
            "name": "TA06-333A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
          },
          {
            "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "name": "22216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "name": "ADV-2006-3820",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "name": "HPSBUX02174",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "OpenPKG-SA-2006.021",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "ADV-2008-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "name": "ADV-2007-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "name": "102711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
          },
          {
            "name": "SSRT061275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "20070110 VMware ESX server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "name": "ADV-2006-3936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "name": "22240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "name": "22330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "HPSBTU02207",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "DSA-1185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "name": "20061001-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "name": "22207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "name": "MDKSA-2006:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "name": "ADV-2006-3902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "name": "ADV-2007-2783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "name": "22259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "name": "22460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "name": "22791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "name": "22172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "28276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "name": "102668",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "name": "20246",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "name": "24950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "name": "201531",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDKSA-2006:172",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
        },
        {
          "name": "22212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22212"
        },
        {
          "name": "ADV-2006-4750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4750"
        },
        {
          "name": "4773",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "HPSBMA02250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "1016943",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016943"
        },
        {
          "name": "23038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23038"
        },
        {
          "name": "2006-0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0054"
        },
        {
          "name": "openssl-sslv2-client-dos(29240)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
        },
        {
          "name": "DSA-1195",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1195"
        },
        {
          "name": "23309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "ADV-2006-4401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4401"
        },
        {
          "name": "USN-353-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-353-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
        },
        {
          "name": "22116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22116"
        },
        {
          "name": "SSRT071304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
        },
        {
          "name": "GLSA-200612-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
        },
        {
          "name": "22166",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22166"
        },
        {
          "name": "RHSA-2006:0695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "22385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22385"
        },
        {
          "name": "SUSE-SR:2006:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
        },
        {
          "name": "22758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22758"
        },
        {
          "name": "22487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22487"
        },
        {
          "name": "SUSE-SA:2006:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
        },
        {
          "name": "22772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22772"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "FreeBSD-SA-06:23.openssl",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
        },
        {
          "name": "22165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304829"
        },
        {
          "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "22220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22220"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openvpn.net/changelog.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
        },
        {
          "name": "25889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25889"
        },
        {
          "name": "ADV-2006-4036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4036"
        },
        {
          "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata.html#openssl2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingate.com/relnote-452.php"
        },
        {
          "name": "22626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22626"
        },
        {
          "name": "29263",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29263"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "MDKSA-2006:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
        },
        {
          "name": "ADV-2006-3869",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3869"
        },
        {
          "name": "22544",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22544"
        },
        {
          "name": "22298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "25420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25420"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "ADV-2007-1973",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1973"
        },
        {
          "name": "22284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22284"
        },
        {
          "name": "oval:org.mitre.oval:def:4356",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "GLSA-200610-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.rpath.com/browse/RPL-613"
        },
        {
          "name": "26329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26329"
        },
        {
          "name": "22260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "name": "ADV-2006-3860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3860"
        },
        {
          "name": "23280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23280"
        },
        {
          "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10207",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207"
        },
        {
          "name": "SSRT061213",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
        },
        {
          "name": "ADV-2006-4264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "22193",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
        },
        {
          "name": "23155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23155"
        },
        {
          "name": "22799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22799"
        },
        {
          "name": "SSA:2006-272-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
        },
        {
          "name": "ADV-2006-4417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4417"
        },
        {
          "name": "VU#386964",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/386964"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "name": "ADV-2006-4443",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4443"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
        },
        {
          "name": "22094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22094"
        },
        {
          "name": "22186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20060928.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
        },
        {
          "name": "22500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22500"
        },
        {
          "name": "APPLE-SA-2006-11-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
        },
        {
          "name": "TA06-333A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
        },
        {
          "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
        },
        {
          "name": "22216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22216"
        },
        {
          "name": "ADV-2006-3820",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3820"
        },
        {
          "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
        },
        {
          "name": "HPSBUX02174",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "OpenPKG-SA-2006.021",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "ADV-2008-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0905/references"
        },
        {
          "name": "ADV-2007-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1401"
        },
        {
          "name": "102711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
        },
        {
          "name": "SSRT061275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "20070110 VMware ESX server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
        },
        {
          "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
        },
        {
          "name": "ADV-2006-3936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3936"
        },
        {
          "name": "22240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22240"
        },
        {
          "name": "22330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "HPSBTU02207",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "DSA-1185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1185"
        },
        {
          "name": "20061001-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
        },
        {
          "name": "22207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22207"
        },
        {
          "name": "MDKSA-2006:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
        },
        {
          "name": "ADV-2006-3902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3902"
        },
        {
          "name": "ADV-2007-2783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2783"
        },
        {
          "name": "22259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22259"
        },
        {
          "name": "22460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22460"
        },
        {
          "name": "22791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22791"
        },
        {
          "name": "22172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "28276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28276"
        },
        {
          "name": "102668",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
        },
        {
          "name": "20246",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20246"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
        },
        {
          "name": "24950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24950"
        },
        {
          "name": "201531",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-4343",
    "datePublished": "2006-09-28T18:00:00",
    "dateReserved": "2006-08-24T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0851
Vulnerability from cvelistv5
Published
2003-11-06 05:00
Modified
2024-08-08 02:05
Severity
Summary
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
References
URLTags
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlvendor-advisory, x_refsource_FEDORA
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/17381third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtmlvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/8970vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=106796246511667&w=2mailing-list, x_refsource_BUGTRAQ
http://rhn.redhat.com/errata/RHSA-2004-119.htmlvendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/secadv_20031104.txtx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/412478third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=108403850228012&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5528",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
          },
          {
            "name": "FEDORA-2005-1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
          },
          {
            "name": "20040304-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
          },
          {
            "name": "17381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17381"
          },
          {
            "name": "NetBSD-SA2004-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
          },
          {
            "name": "20030930 SSL Implementation Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
          },
          {
            "name": "8970",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8970"
          },
          {
            "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
          },
          {
            "name": "RHSA-2004:119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20031104.txt"
          },
          {
            "name": "VU#412478",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/412478"
          },
          {
            "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5528",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
        },
        {
          "name": "FEDORA-2005-1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
        },
        {
          "name": "20040304-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
        },
        {
          "name": "17381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17381"
        },
        {
          "name": "NetBSD-SA2004-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
        },
        {
          "name": "20030930 SSL Implementation Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
        },
        {
          "name": "8970",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8970"
        },
        {
          "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
        },
        {
          "name": "RHSA-2004:119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20031104.txt"
        },
        {
          "name": "VU#412478",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/412478"
        },
        {
          "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5528",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
            },
            {
              "name": "FEDORA-2005-1042",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "20040304-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "17381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "NetBSD-SA2004-003",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
            },
            {
              "name": "20030930 SSL Implementation Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
            },
            {
              "name": "8970",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8970"
            },
            {
              "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
            },
            {
              "name": "RHSA-2004:119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20031104.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20031104.txt"
            },
            {
              "name": "VU#412478",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/412478"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0851",
    "datePublished": "2003-11-06T05:00:00",
    "dateReserved": "2003-10-10T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1788
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity
Summary
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://www.securityfocus.com/bid/75158vdb-entry
https://openssl.org/news/secadv/20150611.txt
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securitytracker.com/id/1032564vdb-entry
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlvendor-advisory
https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.securityfocus.com/bid/91787vdb-entry
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "75158",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75158"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "SUSE-SU-2015:1181",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "75158",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75158"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "SUSE-SU-2015:1181",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
        },
        {
          "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1788",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4355
Vulnerability from cvelistv5
Published
2010-01-14 19:00
Modified
2024-08-07 07:01
Severity
Summary
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
URLTags
http://www.debian.org/security/2010/dsa-1970vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2010/0916vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19167x_refsource_CONFIRM
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/39461third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260vdb-entry, signature, x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=546707x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlvendor-advisory, x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004x_refsource_CONFIRM
http://secunia.com/advisories/38181third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38200third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-3157x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0839vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19069x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
http://cvs.openssl.org/chngview?cn=19068x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2010:022vendor-advisory, x_refsource_MANDRIVA
https://rhn.redhat.com/errata/RHSA-2010-0095.htmlvendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-884-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2010/01/13/3mailing-list, x_refsource_MLIST
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0124vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/38175third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168vdb-entry, signature, x_refsource_OVAL
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:19.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1970",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1970"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19167"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "name": "oval:org.mitre.oval:def:11260",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
          },
          {
            "name": "38181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38181"
          },
          {
            "name": "38200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3157"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19069"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19068"
          },
          {
            "name": "MDVSA-2010:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "USN-884-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-884-1"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
          },
          {
            "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "oval:org.mitre.oval:def:6678",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0124",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0124"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "name": "38175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38175"
          },
          {
            "name": "oval:org.mitre.oval:def:12168",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1970",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1970"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19167"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "name": "oval:org.mitre.oval:def:11260",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
        },
        {
          "name": "38181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38181"
        },
        {
          "name": "38200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-3157"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19069"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19068"
        },
        {
          "name": "MDVSA-2010:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "USN-884-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-884-1"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
        },
        {
          "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "oval:org.mitre.oval:def:6678",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0124",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0124"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "name": "38175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38175"
        },
        {
          "name": "oval:org.mitre.oval:def:12168",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1970",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1970"
            },
            {
              "name": "ADV-2010-0916",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0916"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19167",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19167"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "39461",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39461"
            },
            {
              "name": "oval:org.mitre.oval:def:11260",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546707",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
            },
            {
              "name": "FEDORA-2010-5357",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
            },
            {
              "name": "SSA:2010-060-02",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
            },
            {
              "name": "38761",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38761"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
            },
            {
              "name": "38181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38181"
            },
            {
              "name": "38200",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38200"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-3157",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-3157"
            },
            {
              "name": "ADV-2010-0839",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0839"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19069",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19069"
            },
            {
              "name": "HPSBUX02517",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19068",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19068"
            },
            {
              "name": "MDVSA-2010:022",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "USN-884-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-884-1"
            },
            {
              "name": "SSRT100058",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "oval:org.mitre.oval:def:6678",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "ADV-2010-0124",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0124"
            },
            {
              "name": "FEDORA-2010-5744",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
            },
            {
              "name": "38175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38175"
            },
            {
              "name": "oval:org.mitre.oval:def:12168",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4355",
    "datePublished": "2010-01-14T19:00:00",
    "dateReserved": "2009-12-18T00:00:00",
    "dateUpdated": "2024-08-07T07:01:19.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0112
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
URLTags
http://www.securityfocus.com/bid/9899vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=108403806509920&w=2vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-121.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023vendor-advisory, x_refsource_MANDRAKE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtvendor-advisory, x_refsource_SCO
http://www.uniras.gov.uk/vuls/2004/224012/index.htmx_refsource_MISC
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlvendor-advisory, x_refsource_SUSE
http://lists.apple.com/mhonarc/security-announce/msg00045.htmlx_refsource_CONFIRM
http://www.openssl.org/news/secadv_20040317.txtx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.ciac.org/ciac/bulletins/o-101.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/15508vdb-entry, x_refsource_XF
http://www.kb.cert.org/vuls/id/484726third-party-advisory, x_refsource_CERT-VN
http://security.gentoo.org/glsa/glsa-200403-03.xmlvendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/11139third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=107953412903636&w=2mailing-list, x_refsource_BUGTRAQ
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961vendor-advisory, x_refsource_SLACKWARE
http://www.trustix.org/errata/2004/0012vendor-advisory, x_refsource_TRUSTIX
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://docs.info.apple.com/article.html?artnum=61798x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928vdb-entry, signature, x_refsource_OVAL
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "SSRT4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "MDKSA-2004:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "SuSE-SA:2004:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20040317.txt"
          },
          {
            "name": "NetBSD-SA2004-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
          },
          {
            "name": "O-101",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1049",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
          },
          {
            "name": "openssl-kerberos-ciphersuites-dos(15508)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
          },
          {
            "name": "VU#484726",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/484726"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:9580",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
          },
          {
            "name": "APPLE-SA-2005-08-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
          },
          {
            "name": "SSA:2004-077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=61798"
          },
          {
            "name": "APPLE-SA-2005-08-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:928",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "SSRT4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "MDKSA-2004:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "SuSE-SA:2004:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20040317.txt"
        },
        {
          "name": "NetBSD-SA2004-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
        },
        {
          "name": "O-101",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1049",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
        },
        {
          "name": "openssl-kerberos-ciphersuites-dos(15508)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
        },
        {
          "name": "VU#484726",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/484726"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:9580",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
        },
        {
          "name": "APPLE-SA-2005-08-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
        },
        {
          "name": "SSA:2004-077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=61798"
        },
        {
          "name": "APPLE-SA-2005-08-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:928",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20040317.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=61798",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0112",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-02-02T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0797
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity
Summary
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83763vdb-entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10156
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=145889460330120&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2914-1vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
http://www.debian.org/security/2016/dsa-3500vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:05.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "83763",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10156"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "HPSBGN03563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "83763",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83763"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10156"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "HPSBGN03563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0797",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:05.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4108
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity
Summary
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
References
URLTags
http://secunia.com/advisories/48528third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/57260third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://www.isg.rhul.ac.uk/~kp/dtls.pdfx_refsource_MISC
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2390vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascx_refsource_CONFIRM
https://security.paloaltonetworks.com/CVE-2011-4108x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:49.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48528"
          },
          {
            "name": "57260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57260"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "openSUSE-SU-2012:0083",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
          },
          {
            "name": "MDVSA-2012:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "SUSE-SU-2012:0084",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "SUSE-SU-2014:0320",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "MDVSA-2012:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "DSA-2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2390"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2011-4108"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-17T16:03:43",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48528"
        },
        {
          "name": "57260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57260"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "openSUSE-SU-2012:0083",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
        },
        {
          "name": "MDVSA-2012:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "SUSE-SU-2012:0084",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "SUSE-SU-2014:0320",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "MDVSA-2012:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "DSA-2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2390"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2011-4108"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4108",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-10-18T00:00:00",
    "dateUpdated": "2024-08-07T00:01:49.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0543
Vulnerability from cvelistv5
Published
2003-10-01 04:00
Modified
2024-08-08 01:58
Severity
Summary
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
References
URLTags
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2003-292.htmlvendor-advisory, x_refsource_REDHAT
http://www.kb.cert.org/vuls/id/255484third-party-advisory, x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2006/3900vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2003/dsa-393vendor-advisory, x_refsource_DEBIAN
http://www-1.ibm.com/support/docview.wss?uid=swg21247112x_refsource_CONFIRM
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htmx_refsource_MISC
http://www.debian.org/security/2003/dsa-394vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-291.htmlvendor-advisory, x_refsource_REDHAT
http://www.cert.org/advisories/CA-2003-26.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/22249third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/8732vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1vendor-advisory, x_refsource_SUNALERT
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893x_refsource_CONFIRM
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.htmlvendor-advisory, x_refsource_ENGARDE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:11.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5292",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292"
          },
          {
            "name": "RHSA-2003:292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
          },
          {
            "name": "VU#255484",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/255484"
          },
          {
            "name": "ADV-2006-3900",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3900"
          },
          {
            "name": "DSA-393",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
          },
          {
            "name": "DSA-394",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-394"
          },
          {
            "name": "RHSA-2003:291",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
          },
          {
            "name": "CA-2003-26",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2003-26.html"
          },
          {
            "name": "22249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22249"
          },
          {
            "name": "oval:org.mitre.oval:def:4254",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254"
          },
          {
            "name": "8732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8732"
          },
          {
            "name": "201029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
          },
          {
            "name": "ESA-20030930-027",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5292",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292"
        },
        {
          "name": "RHSA-2003:292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
        },
        {
          "name": "VU#255484",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/255484"
        },
        {
          "name": "ADV-2006-3900",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3900"
        },
        {
          "name": "DSA-393",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
        },
        {
          "name": "DSA-394",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-394"
        },
        {
          "name": "RHSA-2003:291",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
        },
        {
          "name": "CA-2003-26",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2003-26.html"
        },
        {
          "name": "22249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22249"
        },
        {
          "name": "oval:org.mitre.oval:def:4254",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254"
        },
        {
          "name": "8732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8732"
        },
        {
          "name": "201029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
        },
        {
          "name": "ESA-20030930-027",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5292",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292"
            },
            {
              "name": "RHSA-2003:292",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
            },
            {
              "name": "VU#255484",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/255484"
            },
            {
              "name": "ADV-2006-3900",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3900"
            },
            {
              "name": "DSA-393",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-393"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
            },
            {
              "name": "DSA-394",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-394"
            },
            {
              "name": "RHSA-2003:291",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
            },
            {
              "name": "CA-2003-26",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2003-26.html"
            },
            {
              "name": "22249",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22249"
            },
            {
              "name": "oval:org.mitre.oval:def:4254",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254"
            },
            {
              "name": "8732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8732"
            },
            {
              "name": "201029",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
            },
            {
              "name": "ESA-20030930-027",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0543",
    "datePublished": "2003-10-01T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:11.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3508
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
References
URLTags
http://rhn.redhat.com/errata/RHSA-2014-1297.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=140973896703549&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61214third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/60778third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosurex_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1256.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61250third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://www.securityfocus.com/bid/69075vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://secunia.com/advisories/60410third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60824third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://secunia.com/advisories/60861third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21681752x_refsource_CONFIRM
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://www.tenable.com/security/tns-2014-06x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141077370928502&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://secunia.com/advisories/61392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1127490x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95165vdb-entry, x_refsource_XF
http://secunia.com/advisories/61171third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60687third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:1297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
          },
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "name": "HPSBGN03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140973896703549\u0026w=2"
          },
          {
            "name": "61214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61214"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "60778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60778"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "RHSA-2014:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "61250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "name": "69075",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69075"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "60410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60410"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "60824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60824"
          },
          {
            "name": "HPSBUX03095",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "59743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59743"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "60861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60861"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/security/tns-2014-06"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "HPSBOV03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
          },
          {
            "name": "59221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "SSRT101674",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "name": "61392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61392"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
          },
          {
            "name": "openssl-cve20143508-info-disc(95165)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
          },
          {
            "name": "61171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61171"
          },
          {
            "name": "60687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60687"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of \u0027\\0\u0027 characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:1297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
        },
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "name": "HPSBGN03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140973896703549\u0026w=2"
        },
        {
          "name": "61214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61214"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "60778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60778"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "RHSA-2014:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "61250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "name": "69075",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69075"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "60410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60410"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "60824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60824"
        },
        {
          "name": "HPSBUX03095",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "59743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59743"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "60861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60861"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/security/tns-2014-06"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "HPSBOV03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
        },
        {
          "name": "59221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "SSRT101674",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "name": "61392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61392"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
        },
        {
          "name": "openssl-cve20143508-info-disc(95165)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
        },
        {
          "name": "61171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61171"
        },
        {
          "name": "60687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60687"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of \u0027\\0\u0027 characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:1297",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
            },
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "HPSBGN03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140973896703549\u0026w=2"
            },
            {
              "name": "61214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61214"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "60778",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60778"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "RHSA-2014:1256",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "61250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61250"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "69075",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69075"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "60410",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60410"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "60824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60824"
            },
            {
              "name": "HPSBUX03095",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "59743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59743"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "60861",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60861"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "http://www.tenable.com/security/tns-2014-06",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/security/tns-2014-06"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "HPSBOV03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
            },
            {
              "name": "59221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "SSRT101674",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "61392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61392"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
            },
            {
              "name": "openssl-cve20143508-info-disc(95165)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
            },
            {
              "name": "61171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61171"
            },
            {
              "name": "60687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60687"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3508",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1378
Vulnerability from cvelistv5
Published
2009-05-19 19:00
Modified
2024-08-07 05:13
Severity
Summary
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
References
URLTags
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guestx_refsource_CONFIRM
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229vdb-entry, signature, x_refsource_OVAL
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
https://www.exploit-db.com/exploits/8720exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/1377vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=18188x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37003third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=openssl-dev&m=124263491424212&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1022241vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-792-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/05/18/1mailing-list, x_refsource_MLIST
https://launchpad.net/bugs/cve/2009-1378x_refsource_MISC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.securityfocus.com/bid/35001vdb-entry, x_refsource_BID
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/35461third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35128third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35571third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35416third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netx_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://marc.info/?l=openssl-dev&m=124247679213944&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1931\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "oval:org.mitre.oval:def:7229",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "8720",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8720"
          },
          {
            "name": "ADV-2009-1377",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1377"
          },
          {
            "name": "oval:org.mitre.oval:def:11309",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=18188"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=124263491424212\u0026w=2"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "1022241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022241"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1378"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "35001",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35001"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "MDVSA-2009:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
          },
          {
            "name": "35461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35461"
          },
          {
            "name": "35128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35128"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=124247679213944\u0026w=2"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka \"DTLS fragment handling memory leak.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1931\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "oval:org.mitre.oval:def:7229",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "8720",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8720"
        },
        {
          "name": "ADV-2009-1377",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1377"
        },
        {
          "name": "oval:org.mitre.oval:def:11309",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=18188"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=124263491424212\u0026w=2"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "1022241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022241"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1378"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "35001",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35001"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "MDVSA-2009:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
        },
        {
          "name": "35461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35461"
        },
        {
          "name": "35128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35128"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=124247679213944\u0026w=2"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1378",
    "datePublished": "2009-05-19T19:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2180
Vulnerability from cvelistv5
Published
2016-08-01 00:00
Modified
2024-08-05 23:17
Severity
Summary
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
References
URLTags
https://www.tenable.com/security/tns-2016-20
https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
http://www.splunk.com/view/SP-CAAAPUE
http://www.securitytracker.com/id/1036486vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://bugzilla.redhat.com/show_bug.cgi?id=1359615
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www.securityfocus.com/bid/92117vdb-entry
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "name": "1036486",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036486"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "92117",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92117"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "name": "1036486",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036486"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "92117",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92117"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2180",
    "datePublished": "2016-08-01T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1379
Vulnerability from cvelistv5
Published
2009-05-19 19:00
Modified
2024-08-07 05:13
Severity
Summary
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
References
URLTags
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
https://launchpad.net/bugs/cve/2009-1379x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2009/1377vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37003third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1022241vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-792-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlvendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/50661vdb-entry, x_refsource_XF
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/35138vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2009/05/18/4mailing-list, x_refsource_MLIST
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35461third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35571third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/35416third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netx_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guestx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1379"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "ADV-2009-1377",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1377"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "1022241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022241"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9744",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
          },
          {
            "name": "openssl-dtls1retrievebufferedfragment-dos(50661)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "35138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35138"
          },
          {
            "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "35461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35461"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "oval:org.mitre.oval:def:6848",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1379"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "ADV-2009-1377",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1377"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "1022241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022241"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9744",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
        },
        {
          "name": "openssl-dtls1retrievebufferedfragment-dos(50661)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "35138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35138"
        },
        {
          "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "35461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35461"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "oval:org.mitre.oval:def:6848",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1379",
    "datePublished": "2009-05-19T19:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-1999-0428
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:41
Severity
Summary
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
References
URLTags
http://www.osvdb.org/3936vdb-entry, x_refsource_OSVDB
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:41:44.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3936",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3936"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3936",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3936"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3936",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3936"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0428",
    "datePublished": "2000-01-04T05:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:41:44.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0081
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
URLTags
http://www.securityfocus.com/bid/9899vdb-entry, x_refsource_BID
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlvendor-advisory, x_refsource_ENGARDE
http://marc.info/?l=bugtraq&m=107955049331965&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2004-121.htmlvendor-advisory, x_refsource_REDHAT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtvendor-advisory, x_refsource_SCO
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.ascvendor-advisory, x_refsource_SGI
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509vdb-entry, x_refsource_XF
http://www.uniras.gov.uk/vuls/2004/224012/index.htmx_refsource_MISC
http://fedoranews.org/updates/FEDORA-2004-095.shtmlvendor-advisory, x_refsource_FEDORA
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/465542third-party-advisory, x_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlthird-party-advisory, x_refsource_CERT
http://security.gentoo.org/glsa/glsa-200403-03.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11139third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2004-119.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-139.htmlvendor-advisory, x_refsource_REDHAT
http://www.trustix.org/errata/2004/0012vendor-advisory, x_refsource_TRUSTIX
http://marc.info/?l=bugtraq&m=108403850228012&w=2mailing-list, x_refsource_BUGTRAQ
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://www.debian.org/security/2004/dsa-465vendor-advisory, x_refsource_DEBIAN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "ESA-20040317-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
          },
          {
            "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "name": "20040304-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
          },
          {
            "name": "openssl-tls-dos(15509)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "FEDORA-2004-095",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "oval:org.mitre.oval:def:871",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
          },
          {
            "name": "oval:org.mitre.oval:def:11755",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
          },
          {
            "name": "VU#465542",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/465542"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "RHSA-2004:119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
          },
          {
            "name": "oval:org.mitre.oval:def:902",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
          },
          {
            "name": "RHSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "name": "DSA-465",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-465"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "ESA-20040317-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
        },
        {
          "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "name": "20040304-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
        },
        {
          "name": "openssl-tls-dos(15509)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "FEDORA-2004-095",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "oval:org.mitre.oval:def:871",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
        },
        {
          "name": "oval:org.mitre.oval:def:11755",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
        },
        {
          "name": "VU#465542",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/465542"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "RHSA-2004:119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
        },
        {
          "name": "oval:org.mitre.oval:def:902",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
        },
        {
          "name": "RHSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "name": "DSA-465",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-465"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0081",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0739
Vulnerability from cvelistv5
Published
2018-03-27 00:00
Modified
2024-08-05 03:35
Severity
Summary
Constructed ASN.1 types with a recursive definition could exceed the stack
References
URLTags
https://usn.ubuntu.com/3611-2/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4158vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201811-21vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:0367vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4157vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3505vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103518vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1040576vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:3221vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/105609vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3611-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0366vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3090vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1711vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1712vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20180726-0002/x_refsource_CONFIRM
https://security.gentoo.org/glsa/202007-53vendor-advisory, x_refsource_GENTOO
https://securityadvisories.paloaltonetworks.com/Home/Detail/133x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2018-07x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220dx_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-06x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180330-0002/x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txtx_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3611-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-2/"
          },
          {
            "name": "DSA-4158",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4158"
          },
          {
            "name": "GLSA-201811-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-21"
          },
          {
            "name": "RHSA-2019:0367",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0367"
          },
          {
            "name": "DSA-4157",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4157"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "103518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103518"
          },
          {
            "name": "1040576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040576"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "105609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105609"
          },
          {
            "name": "USN-3611-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-1/"
          },
          {
            "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
          },
          {
            "name": "RHSA-2019:0366",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0366"
          },
          {
            "name": "RHSA-2018:3090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3090"
          },
          {
            "name": "RHSA-2019:1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1711"
          },
          {
            "name": "RHSA-2019:1712",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1712"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
          },
          {
            "name": "GLSA-202007-53",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-53"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180327.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-fuzz"
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stack overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:11",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "USN-3611-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3611-2/"
        },
        {
          "name": "DSA-4158",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4158"
        },
        {
          "name": "GLSA-201811-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-21"
        },
        {
          "name": "RHSA-2019:0367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0367"
        },
        {
          "name": "DSA-4157",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4157"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "103518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103518"
        },
        {
          "name": "1040576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040576"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "105609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105609"
        },
        {
          "name": "USN-3611-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3611-1/"
        },
        {
          "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
        },
        {
          "name": "RHSA-2019:0366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0366"
        },
        {
          "name": "RHSA-2018:3090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3090"
        },
        {
          "name": "RHSA-2019:1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1711"
        },
        {
          "name": "RHSA-2019:1712",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1712"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
        },
        {
          "name": "GLSA-202007-53",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-53"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180327.txt"
        }
      ],
      "title": "Constructed ASN.1 types with a recursive definition could exceed the stack",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-03-27",
          "ID": "CVE-2018-0739",
          "STATE": "PUBLIC",
          "TITLE": "Constructed ASN.1 types with a recursive definition could exceed the stack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "OSS-fuzz"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3611-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3611-2/"
            },
            {
              "name": "DSA-4158",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4158"
            },
            {
              "name": "GLSA-201811-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-21"
            },
            {
              "name": "RHSA-2019:0367",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0367"
            },
            {
              "name": "DSA-4157",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4157"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "103518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103518"
            },
            {
              "name": "1040576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040576"
            },
            {
              "name": "RHSA-2018:3221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3221"
            },
            {
              "name": "105609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105609"
            },
            {
              "name": "USN-3611-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3611-1/"
            },
            {
              "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
            },
            {
              "name": "RHSA-2019:0366",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0366"
            },
            {
              "name": "RHSA-2018:3090",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3090"
            },
            {
              "name": "RHSA-2019:1711",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1711"
            },
            {
              "name": "RHSA-2019:1712",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1712"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
            },
            {
              "name": "GLSA-202007-53",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-53"
            },
            {
              "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
              "refsource": "CONFIRM",
              "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-07"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-04"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-06",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180327.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180327.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0739",
    "datePublished": "2018-03-27T00:00:00",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2097
Vulnerability from cvelistv5
Published
2022-07-05 00:00
Modified
2024-08-08 15:19
Severity
Summary
AES OCB fails to encrypt some bytes
References
URLTags
https://www.openssl.org/news/secadv/20220705.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/vendor-advisory
https://security.netapp.com/advisory/ntap-20220715-0011/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/vendor-advisory
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://www.debian.org/security/2023/dsa-5343vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00019.htmlmailing-list
https://security.netapp.com/advisory/ntap-20230420-0008/
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220705.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
          },
          {
            "name": "FEDORA-2022-3fdc2d3047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
          },
          {
            "name": "FEDORA-2022-89a17be281",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
          },
          {
            "name": "FEDORA-2022-41890e9e44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
          },
          {
            "name": "DSA-5343",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5343"
          },
          {
            "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "1.1.1q",
                "status": "affected",
                "version": "1.1.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.0.5",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:ontap_antivirus_connector:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ontap_antivirus_connector",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ontap_select_deploy_administration_utility",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "35"
              },
              {
                "status": "affected",
                "version": "36"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "active_iq_unified_manager_for_vmware_vsphere",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hci_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "h300s"
              },
              {
                "status": "affected",
                "version": "h410c"
              },
              {
                "status": "affected",
                "version": "h410s"
              },
              {
                "status": "affected",
                "version": "h500s"
              },
              {
                "status": "affected",
                "version": "h700s"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "brocade_fabric_operating_system_firmware",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapcenter",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oncommand_insight",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:smi-s_provider:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smi-s_provider",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinec_ins",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "1.0_sp2_update_1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "10.0"
              },
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2097",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T19:45:07.166681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T15:19:36.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alex Chernyakhovsky"
        }
      ],
      "datePublic": "2022-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fencepost error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:25.963480",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220705.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
        },
        {
          "name": "FEDORA-2022-3fdc2d3047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
        },
        {
          "name": "FEDORA-2022-89a17be281",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
        },
        {
          "name": "FEDORA-2022-41890e9e44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
        },
        {
          "name": "DSA-5343",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5343"
        },
        {
          "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "AES OCB fails to encrypt some bytes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-2097",
    "datePublished": "2022-07-05T00:00:00",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-08T15:19:36.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2131
Vulnerability from cvelistv5
Published
2012-04-24 20:00
Modified
2024-08-06 19:26
Severity
Summary
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlvendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064vendor-advisory, x_refsource_MANDRIVA
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1428-1vendor-advisory, x_refsource_UBUNTU
http://cvs.openssl.org/chngview?cn=22479x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20120424.txtx_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2454vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/48895third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099vdb-entry, x_refsource_XF
http://secunia.com/advisories/48956third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/04/24/1mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1026957vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/53212vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2012:0623",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
          },
          {
            "name": "SUSE-SU-2012:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "MDVSA-2012:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
          },
          {
            "name": "USN-1428-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1428-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120424.txt"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "openssl-asn1-code-execution(75099)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
          },
          {
            "name": "48956",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48956"
          },
          {
            "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
          },
          {
            "name": "SUSE-SU-2012:0637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "1026957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026957"
          },
          {
            "name": "53212",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53212"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2012:0623",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
        },
        {
          "name": "SUSE-SU-2012:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "MDVSA-2012:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
        },
        {
          "name": "USN-1428-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1428-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120424.txt"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "openssl-asn1-code-execution(75099)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
        },
        {
          "name": "48956",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48956"
        },
        {
          "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
        },
        {
          "name": "SUSE-SU-2012:0637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "1026957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026957"
        },
        {
          "name": "53212",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53212"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2012:0623",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
            },
            {
              "name": "SUSE-SU-2012:1149",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "MDVSA-2012:064",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
            },
            {
              "name": "USN-1428-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1428-1"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22479",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22479"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120424.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120424.txt"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "openssl-asn1-code-execution(75099)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
            },
            {
              "name": "48956",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48956"
            },
            {
              "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
            },
            {
              "name": "SUSE-SU-2012:0637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "1026957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026957"
            },
            {
              "name": "53212",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53212"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2131",
    "datePublished": "2012-04-24T20:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3767
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-08-07 06:38
Severity
Summary
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=oss-security&m=125369675820512&w=2mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-201406-36.xmlvendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2010/1858vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/40677third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274vdb-entry, signature, x_refsource_OVAL
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=hx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3056vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-0543.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/38769third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://support.apple.com/kb/HT3937x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125198917018936&w=2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2010-0752",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html"
          },
          {
            "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
          },
          {
            "name": "GLSA-201406-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:11178",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178"
          },
          {
            "name": "ADV-2010-1858",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1858"
          },
          {
            "name": "40677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40677"
          },
          {
            "name": "oval:org.mitre.oval:def:7274",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
          },
          {
            "name": "ADV-2009-3056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3056"
          },
          {
            "name": "RHSA-2010:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "38769",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38769"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2010-0752",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html"
        },
        {
          "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
        },
        {
          "name": "GLSA-201406-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:11178",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178"
        },
        {
          "name": "ADV-2010-1858",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1858"
        },
        {
          "name": "40677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40677"
        },
        {
          "name": "oval:org.mitre.oval:def:7274",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
        },
        {
          "name": "ADV-2009-3056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3056"
        },
        {
          "name": "RHSA-2010:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "38769",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38769"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2010-0752",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html"
            },
            {
              "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
            },
            {
              "name": "GLSA-201406-36",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:11178",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178"
            },
            {
              "name": "ADV-2010-1858",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1858"
            },
            {
              "name": "40677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40677"
            },
            {
              "name": "oval:org.mitre.oval:def:7274",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274"
            },
            {
              "name": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h",
              "refsource": "CONFIRM",
              "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
            },
            {
              "name": "ADV-2009-3056",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3056"
            },
            {
              "name": "RHSA-2010:0543",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
            },
            {
              "name": "RHSA-2011:0896",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "38769",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38769"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3937"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3767",
    "datePublished": "2009-10-23T19:00:00",
    "dateReserved": "2009-10-23T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1633
Vulnerability from cvelistv5
Published
2010-06-03 14:00
Modified
2024-08-07 01:28
Severity
Summary
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
URLTags
http://www.vupen.com/english/advisories/2010/1313vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/40024third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1x_refsource_CONFIRM
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=598732x_refsource_CONFIRM
http://www.securityfocus.com/bid/40503vdb-entry, x_refsource_BID
http://cvs.openssl.org/chngview?cn=19693x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20100601.txtx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:42.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1313"
          },
          {
            "name": "40024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c\u0026v1=1.34\u0026v2=1.34.2.1"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598732"
          },
          {
            "name": "40503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40503"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20100601.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-18T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2010-1313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1313"
        },
        {
          "name": "40024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c\u0026v1=1.34\u0026v2=1.34.2.1"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598732"
        },
        {
          "name": "40503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40503"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20100601.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1633",
    "datePublished": "2010-06-03T14:00:00",
    "dateReserved": "2010-04-29T00:00:00",
    "dateUpdated": "2024-08-07T01:28:42.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-6119
Vulnerability from cvelistv5
Published
2024-09-03 15:58
Modified
2024-09-12 16:03
Severity
Summary
Possible denial of service in X.509 name checks
References
URLTags
https://openssl-library.org/news/secadv/20240903.txtvendor-advisory
https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0patch
https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04fpatch
https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2patch
https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6patch
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T16:03:01.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/09/03/4"
          },
          {
            "url": "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240912-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.3.2",
                "status": "affected",
                "version": "3.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.2.3",
                "status": "affected",
                "version": "3.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.1.7",
                "status": "affected",
                "version": "3.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.0.15",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-6119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T20:20:39.935362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T20:25:47.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.7",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.15",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2024-09-03T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Applications performing certificate name checks (e.g., TLS\u003cbr\u003eclients checking server certificates) may attempt to read an invalid memory\u003cbr\u003eaddress resulting in abnormal termination of the application process.\u003cbr\u003e\u003cbr\u003eImpact summary: Abnormal termination of an application can a cause a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eApplications performing certificate name checks (e.g., TLS clients checking\u003cbr\u003eserver certificates) may attempt to read an invalid memory address when\u003cbr\u003ecomparing the expected name with an `otherName` subject alternative name of an\u003cbr\u003eX.509 certificate. This may result in an exception that terminates the\u003cbr\u003eapplication program.\u003cbr\u003e\u003cbr\u003eNote that basic certificate chain validation (signatures, dates, ...) is not\u003cbr\u003eaffected, the denial of service can occur only when the application also\u003cbr\u003especifies an expected DNS name, Email address or IP address.\u003cbr\u003e\u003cbr\u003eTLS servers rarely solicit client certificates, and even when they do, they\u003cbr\u003egenerally don\u0027t perform a name check against a reference identifier (expected\u003cbr\u003eidentity), but rather extract the presented identity after checking the\u003cbr\u003ecertificate chain.  So TLS servers are generally not affected and the severity\u003cbr\u003eof the issue is Moderate.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don\u0027t perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain.  So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-03T15:58:06.970Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20240903.txt"
        },
        {
          "name": "3.3.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0"
        },
        {
          "name": "3.2.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f"
        },
        {
          "name": "3.1.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2"
        },
        {
          "name": "3.0.15 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible denial of service in X.509 name checks",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-6119",
    "datePublished": "2024-09-03T15:58:06.970Z",
    "dateReserved": "2024-06-18T09:24:11.739Z",
    "dateUpdated": "2024-09-12T16:03:01.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0704
Vulnerability from cvelistv5
Published
2016-03-02 00:00
Modified
2024-08-05 22:30
Severity
Summary
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
References
URLTags
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://www.securityfocus.com/bid/83764vdb-entry
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://drownattack.com
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "83764",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://drownattack.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "83764",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83764"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "url": "https://drownattack.com"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0704",
    "datePublished": "2016-03-02T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4160
Vulnerability from cvelistv5
Published
2022-01-28 00:00
Modified
2024-08-03 17:16
Severity
Summary
BN_mod_exp may produce incorrect results on MIPS
References
URLTags
https://www.openssl.org/news/secadv/20220128.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
https://www.debian.org/security/2022/dsa-5103vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-4160",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:29:13.671400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T15:29:25.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220128.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7"
          },
          {
            "name": "DSA-5103",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5103"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bernd Edlinger"
        }
      ],
      "datePublic": "2022-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:06.907595",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220128.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7"
        },
        {
          "name": "DSA-5103",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5103"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "BN_mod_exp may produce incorrect results on MIPS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-4160",
    "datePublished": "2022-01-28T00:00:00",
    "dateReserved": "2021-12-23T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0742
Vulnerability from cvelistv5
Published
2010-06-03 14:00
Modified
2024-08-07 00:59
Severity
Summary
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
References
URLTags
http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guestx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1313vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/40024third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/40502vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=129138643405740&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3105vdb-entry, x_refsource_VUPEN
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1x_refsource_CONFIRM
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=598738x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=129138643405740&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/40000third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42457third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=19693x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20100601.txtx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:38.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=2211\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "ADV-2010-1313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1313"
          },
          {
            "name": "40024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40024"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "oval:org.mitre.oval:def:12395",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395"
          },
          {
            "name": "40502",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40502"
          },
          {
            "name": "HPSBUX02610",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "ADV-2010-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3105"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c\u0026v1=1.8\u0026v2=1.8.6.1"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598738"
          },
          {
            "name": "SSRT100341",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
          },
          {
            "name": "40000",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40000"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "42457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42457"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20100601.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=2211\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "ADV-2010-1313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1313"
        },
        {
          "name": "40024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40024"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "oval:org.mitre.oval:def:12395",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395"
        },
        {
          "name": "40502",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40502"
        },
        {
          "name": "HPSBUX02610",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "ADV-2010-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3105"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c\u0026v1=1.8\u0026v2=1.8.6.1"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598738"
        },
        {
          "name": "SSRT100341",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
        },
        {
          "name": "40000",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40000"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "42457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42457"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20100601.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0742",
    "datePublished": "2010-06-03T14:00:00",
    "dateReserved": "2010-02-26T00:00:00",
    "dateUpdated": "2024-08-07T00:59:38.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0293
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1202404
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=86f8fb0e344d62454f8daf3e15236b2b59210756
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory
http://www.securityfocus.com/bid/73232vdb-entry
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202404"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=86f8fb0e344d62454f8daf3e15236b2b59210756"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "73232",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73232"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202404"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=86f8fb0e344d62454f8daf3e15236b2b59210756"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "73232",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73232"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0293",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3570
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 10:50
Severity
Summary
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
References
URLTags
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0849.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/71939vdb-entry, x_refsource_BID
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlvendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "name": "RHSA-2015:0849",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
          },
          {
            "name": "FEDORA-2015-0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "name": "71939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "name": "FEDORA-2015-0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBGN03299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "name": "RHSA-2015:0849",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
        },
        {
          "name": "FEDORA-2015-0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "name": "71939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "SSRT101987",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "name": "FEDORA-2015-0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBGN03299",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "RHSA-2015:0849",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
            },
            {
              "name": "FEDORA-2015-0601",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "71939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71939"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "RHSA-2016:1650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "FEDORA-2015-0512",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3570",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1678
Vulnerability from cvelistv5
Published
2008-07-10 17:00
Modified
2024-08-07 08:32
Severity
Summary
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
References
URLTags
http://www.redhat.com/support/errata/RHSA-2009-1075.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34219third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/43948vdb-entry, x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=447268x_refsource_CONFIRM
http://secunia.com/advisories/31026third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://www.securityfocus.com/bid/31692vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlvendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/31681vdb-entry, x_refsource_BID
https://issues.apache.org/bugzilla/show_bug.cgi?id=44975x_refsource_CONFIRM
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31416third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/44183third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-731-1vendor-advisory, x_refsource_UBUNTU
http://bugs.gentoo.org/show_bug.cgi?id=222643x_refsource_CONFIRM
http://secunia.com/advisories/32222third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35264third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124vendor-advisory, x_refsource_MANDRIVA
http://svn.apache.org/viewvc?view=rev&revision=654119x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.htmlvendor-advisory, x_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-200807-06.xmlvendor-advisory, x_refsource_GENTOO
https://bugs.edge.launchpad.net/bugs/224945x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2780vdb-entry, x_refsource_VUPEN
https://bugs.edge.launchpad.net/bugs/186339x_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://securityreason.com/securityalert/3981third-party-advisory, x_refsource_SREASON
http://marc.info/?l=openssl-dev&m=121060672602371&w=2mailing-list, x_refsource_MLIST
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://support.apple.com/kb/HT3216x_refsource_CONFIRM
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:1075",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1075.html"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "34219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34219"
          },
          {
            "name": "openssl-libssl-dos(43948)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=447268"
          },
          {
            "name": "31026",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31026"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "31692",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31692"
          },
          {
            "name": "SUSE-SR:2008:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9754",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=44975"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "31416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31416"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "name": "USN-731-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-731-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=222643"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "35264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35264"
          },
          {
            "name": "MDVSA-2009:124",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=654119"
          },
          {
            "name": "FEDORA-2008-6393",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html"
          },
          {
            "name": "GLSA-200807-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.edge.launchpad.net/bugs/224945"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.edge.launchpad.net/bugs/186339"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "3981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3981"
          },
          {
            "name": "[openssl-dev] 20080512 possible memory leak in zlib compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=121060672602371\u0026w=2"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2009:1075",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1075.html"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "34219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34219"
        },
        {
          "name": "openssl-libssl-dos(43948)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=447268"
        },
        {
          "name": "31026",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31026"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "31692",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31692"
        },
        {
          "name": "SUSE-SR:2008:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9754",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=44975"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "31416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31416"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "name": "USN-731-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-731-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=222643"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "35264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35264"
        },
        {
          "name": "MDVSA-2009:124",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=654119"
        },
        {
          "name": "FEDORA-2008-6393",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html"
        },
        {
          "name": "GLSA-200807-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.edge.launchpad.net/bugs/224945"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.edge.launchpad.net/bugs/186339"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "3981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3981"
        },
        {
          "name": "[openssl-dev] 20080512 possible memory leak in zlib compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=121060672602371\u0026w=2"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-1678",
    "datePublished": "2008-07-10T17:00:00",
    "dateReserved": "2008-04-03T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-26 00:00
Modified
2024-08-04 18:20
Severity
Summary
0-byte record padding oracle
References
URLTags
http://www.securityfocus.com/bid/107174vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201903-10vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3899-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4400vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2304vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2439vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2437vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2471vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3929vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3931vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://usn.ubuntu.com/4376-2/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190301-0001/x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190301-0002/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8ex_refsource_CONFIRM
https://www.openssl.org/news/secadv/20190226.txtx_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-02x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190423-0002/x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-03x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10282x_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107174"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "name": "USN-3899-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3899-1/"
          },
          {
            "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
          },
          {
            "name": "DSA-4400",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4400"
          },
          {
            "name": "openSUSE-SU-2019:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2019:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2019:1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
          },
          {
            "name": "openSUSE-SU-2019:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
          },
          {
            "name": "openSUSE-SU-2019:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
          },
          {
            "name": "openSUSE-SU-2019:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "RHSA-2019:2439",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2439"
          },
          {
            "name": "RHSA-2019:2437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2437"
          },
          {
            "name": "RHSA-2019:2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2471"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190226.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
        }
      ],
      "datePublic": "2019-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "107174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107174"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "name": "USN-3899-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3899-1/"
        },
        {
          "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
        },
        {
          "name": "DSA-4400",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4400"
        },
        {
          "name": "openSUSE-SU-2019:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2019:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2019:1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
        },
        {
          "name": "openSUSE-SU-2019:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
        },
        {
          "name": "openSUSE-SU-2019:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
        },
        {
          "name": "openSUSE-SU-2019:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "RHSA-2019:2439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2439"
        },
        {
          "name": "RHSA-2019:2437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2437"
        },
        {
          "name": "RHSA-2019:2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2471"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "title": "0-byte record padding oracle",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-02-26",
          "ID": "CVE-2019-1559",
          "STATE": "PUBLIC",
          "TITLE": "0-byte record padding oracle"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Padding Oracle"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107174",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107174"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "USN-3899-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3899-1/"
            },
            {
              "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
            },
            {
              "name": "DSA-4400",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4400"
            },
            {
              "name": "openSUSE-SU-2019:1076",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2019:1105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2019:1173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
            },
            {
              "name": "openSUSE-SU-2019:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2019:1432",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
            },
            {
              "name": "openSUSE-SU-2019:1637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "RHSA-2019:2439",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2439"
            },
            {
              "name": "RHSA-2019:2437",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2437"
            },
            {
              "name": "RHSA-2019:2471",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2471"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "USN-4376-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190226.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190226.txt"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-02",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-02"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-03"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1559",
    "datePublished": "2019-02-26T00:00:00",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-08-04T18:20:27.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1792
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity
Summary
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://openssl.org/news/secadv/20150611.txt
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securitytracker.com/id/1032564vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.securityfocus.com/bid/75154vdb-entry
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.securityfocus.com/bid/91787vdb-entry
https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlvendor-advisory
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
http://marc.info/?l=bugtraq&m=143654156615516&w=2vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
          },
          {
            "name": "FEDORA-2015-10108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "75154",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75154"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "name": "FEDORA-2015-10047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "name": "HPSBGN03371",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
        },
        {
          "name": "FEDORA-2015-10108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "75154",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75154"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "name": "FEDORA-2015-10047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
        },
        {
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "name": "HPSBGN03371",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1792",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0655
Vulnerability from cvelistv5
Published
2002-07-31 04:00
Modified
2024-08-08 02:56
Severity
Summary
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
References
URLTags
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.phpvendor-advisory, x_refsource_MANDRAKE
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txtvendor-advisory, x_refsource_CALDERA
http://www.cert.org/advisories/CA-2002-23.htmlthird-party-advisory, x_refsource_CERT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txtvendor-advisory, x_refsource_CALDERA
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.kb.cert.org/vuls/id/308891third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/5364vdb-entry, x_refsource_BID
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2002:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
          },
          {
            "name": "CSSA-2002-033.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "CA-2002-23",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "CSSA-2002-033.1",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "CLA-2002:513",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          },
          {
            "name": "VU#308891",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/308891"
          },
          {
            "name": "5364",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-08-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2002:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
        },
        {
          "name": "CSSA-2002-033.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
        },
        {
          "name": "CA-2002-23",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-23.html"
        },
        {
          "name": "CSSA-2002-033.1",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
        },
        {
          "name": "CLA-2002:513",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
        },
        {
          "name": "FreeBSD-SA-02:33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
        },
        {
          "name": "VU#308891",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/308891"
        },
        {
          "name": "5364",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5364"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2002:046",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "CLA-2002:513",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            },
            {
              "name": "VU#308891",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/308891"
            },
            {
              "name": "5364",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5364"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0655",
    "datePublished": "2002-07-31T04:00:00",
    "dateReserved": "2002-07-02T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5407
Vulnerability from cvelistv5
Published
2018-11-15 21:00
Modified
2024-08-05 05:33
Severity
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
URLTags
https://access.redhat.com/errata/RHSA-2019:0483vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20181126-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3840-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4355vendor-advisory, x_refsource_DEBIAN
https://www.tenable.com/security/tns-2018-17x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/x_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-10vendor-advisory, x_refsource_GENTOO
https://www.tenable.com/security/tns-2018-16x_refsource_CONFIRM
https://www.exploit-db.com/exploits/45785/exploit, x_refsource_EXPLOIT-DB
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.htmlmailing-list, x_refsource_MLIST
https://github.com/bbbrumley/portsmashx_refsource_MISC
https://www.debian.org/security/2018/dsa-4348vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/105897vdb-entry, x_refsource_BID
https://eprint.iacr.org/2018/1060.pdfx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0651vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0652vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:2125vendor-advisory, x_refsource_REDHAT
https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:3929vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3933vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3931vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3935vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3932vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
Impacted products
VendorProduct
N/AProcessors supporting Simultaneous Multi-Threading
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Processors supporting Simultaneous Multi-Threading",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:46",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2019:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "45785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45785/"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "105897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2018/1060.pdf"
        },
        {
          "name": "RHSA-2019:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0651"
        },
        {
          "name": "RHSA-2019:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0652"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Processors supporting Simultaneous Multi-Threading",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "N/A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5407",
    "datePublished": "2018-11-15T21:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0778
Vulnerability from cvelistv5
Published
2022-03-15 00:00
Modified
2024-08-02 23:40
Severity
Summary
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
References
URLTags
https://www.openssl.org/news/secadv/20220315.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
https://www.debian.org/security/2022/dsa-5103vendor-advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
http://seclists.org/fulldisclosure/2022/May/33mailing-list
http://seclists.org/fulldisclosure/2022/May/35mailing-list
http://seclists.org/fulldisclosure/2022/May/38mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213255
https://www.tenable.com/security/tns-2022-09
https://security.netapp.com/advisory/ntap-20220429-0005/
http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:03.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220315.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
          },
          {
            "name": "DSA-5103",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5103"
          },
          {
            "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
          },
          {
            "name": "FEDORA-2022-a5f51502f0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
          },
          {
            "name": "FEDORA-2022-9e88b5d8d7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
          },
          {
            "name": "FEDORA-2022-8bb51f6901",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-08"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/33"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/35"
          },
          {
            "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/May/38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213257"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tavis Ormandy (Google)"
        }
      ],
      "datePublic": "2022-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Infinite loop",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:01.186352",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220315.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
        },
        {
          "name": "DSA-5103",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5103"
        },
        {
          "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
        },
        {
          "name": "FEDORA-2022-a5f51502f0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
        },
        {
          "name": "FEDORA-2022-9e88b5d8d7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
        },
        {
          "name": "FEDORA-2022-8bb51f6901",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-06"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-07"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-08"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/33"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/35"
        },
        {
          "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/May/38"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://support.apple.com/kb/HT213257"
        },
        {
          "url": "https://support.apple.com/kb/HT213256"
        },
        {
          "url": "https://support.apple.com/kb/HT213255"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
        },
        {
          "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-0778",
    "datePublished": "2022-03-15T00:00:00",
    "dateReserved": "2022-02-28T00:00:00",
    "dateUpdated": "2024-08-02T23:40:03.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2333
Vulnerability from cvelistv5
Published
2012-05-14 22:00
Modified
2024-08-06 19:34
Severity
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
URLTags
http://www.securityfocus.com/bid/53476vdb-entry, x_refsource_BID
http://secunia.com/advisories/49116third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134919053717161&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/51312third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22538x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/49208third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.htmlvendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=820686x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22547x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/50768third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/49324third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.htmlvendor-advisory, x_refsource_SUSE
http://www.openssl.org/news/secadv_20120510.txtx_refsource_CONFIRM
http://www.securitytracker.com/id?1027057vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.htmlvendor-advisory, x_refsource_FEDORA
http://www.cert.fi/en/reports/2012/vulnerability641549.htmlx_refsource_MISC
http://marc.info/?l=bugtraq&m=134919053717161&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2475vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-0699.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53476",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53476"
          },
          {
            "name": "49116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49116"
          },
          {
            "name": "SSRT100930",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "51312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51312"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22538"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "49208",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49208"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "SUSE-SU-2012:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22547"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "50768",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50768"
          },
          {
            "name": "49324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49324"
          },
          {
            "name": "openssl-tls-record-dos(75525)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SUSE-SU-2012:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120510.txt"
          },
          {
            "name": "1027057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027057"
          },
          {
            "name": "FEDORA-2012-7939",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
          },
          {
            "name": "HPSBUX02814",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
          },
          {
            "name": "DSA-2475",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2475"
          },
          {
            "name": "MDVSA-2012:073",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
          },
          {
            "name": "RHSA-2012:0699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "53476",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53476"
        },
        {
          "name": "49116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49116"
        },
        {
          "name": "SSRT100930",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "51312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51312"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22538"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "49208",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49208"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "SUSE-SU-2012:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22547"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "50768",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50768"
        },
        {
          "name": "49324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49324"
        },
        {
          "name": "openssl-tls-record-dos(75525)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SUSE-SU-2012:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120510.txt"
        },
        {
          "name": "1027057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027057"
        },
        {
          "name": "FEDORA-2012-7939",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
        },
        {
          "name": "HPSBUX02814",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
        },
        {
          "name": "DSA-2475",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2475"
        },
        {
          "name": "MDVSA-2012:073",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
        },
        {
          "name": "RHSA-2012:0699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53476",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53476"
            },
            {
              "name": "49116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49116"
            },
            {
              "name": "SSRT100930",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "51312",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51312"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22538",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22538"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "49208",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49208"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "SUSE-SU-2012:0679",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820686",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22547",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22547"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "50768",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50768"
            },
            {
              "name": "49324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49324"
            },
            {
              "name": "openssl-tls-record-dos(75525)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SUSE-SU-2012:0678",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120510.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120510.txt"
            },
            {
              "name": "1027057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027057"
            },
            {
              "name": "FEDORA-2012-7939",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
            },
            {
              "name": "http://www.cert.fi/en/reports/2012/vulnerability641549.html",
              "refsource": "MISC",
              "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
            },
            {
              "name": "HPSBUX02814",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
            },
            {
              "name": "DSA-2475",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2475"
            },
            {
              "name": "MDVSA-2012:073",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
            },
            {
              "name": "RHSA-2012:0699",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2333",
    "datePublished": "2012-05-14T22:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6304
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity
Summary
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
References
URLTags
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2017-1659.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2017:1658vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.securityfocus.com/bid/93150vdb-entry
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://rhn.redhat.com/errata/RHSA-2016-2802.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://access.redhat.com/errata/RHSA-2017:1801vendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
http://www.securitytracker.com/id/1036878vdb-entry
http://www.splunk.com/view/SP-CAAAPSV
https://access.redhat.com/errata/RHSA-2017:1413vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.tenable.com/security/tns-2016-16
https://access.redhat.com/errata/RHSA-2017:2494vendor-advisory
http://www.securitytracker.com/id/1037640vdb-entry
https://www.tenable.com/security/tns-2016-21
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://access.redhat.com/errata/RHSA-2017:1414vendor-advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://rhn.redhat.com/errata/RHSA-2017-1415.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2017:1802vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://access.redhat.com/errata/RHSA-2017:2493vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://seclists.org/fulldisclosure/2016/Oct/62mailing-list
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://seclists.org/fulldisclosure/2016/Dec/47mailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "93150",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93150"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:2802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "name": "1036878",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036878"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "1037640",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2016:2788",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2769",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "93150",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93150"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:2802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "name": "1036878",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036878"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "1037640",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1037640"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2016:2788",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2769",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6304",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Severity
Summary
X.400 address type confusion in X.509 GeneralName
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4dpatch
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:44.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
          },
          {
            "name": "1.1.1t git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
          },
          {
            "name": "1.0.2zg patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1t",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zg",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hugo Landau"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "High"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": " type confusion vulnerability",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T18:25:32.958867Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
        },
        {
          "name": "1.1.1t git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
        },
        {
          "name": "1.0.2zg patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
        },
        {
          "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
        },
        {
          "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.400 address type confusion in X.509 GeneralName",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0286",
    "datePublished": "2023-02-08T19:01:50.514Z",
    "dateReserved": "2023-01-13T10:40:41.259Z",
    "dateUpdated": "2024-08-02T05:02:44.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-5298
Vulnerability from cvelistv5
Published
2014-04-14 16:00
Modified
2024-08-07 04:17
Severity
Summary
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/66801vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=140544599631400&w=2vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676655x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guestx_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676529x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59440third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677836x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
http://www.fortiguard.com/advisory/FG-IR-14-018/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markupx_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0187.htmlx_refsource_CONFIRM
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/59438third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141658880509699&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www.openbsd.org/errata55.html#004_opensslvendor-advisory, x_refsource_OPENBSD
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sigx_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reusex_refsource_MISC
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guestx_refsource_MISC
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://openwall.com/lists/oss-security/2014/04/13/1mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "name": "66801",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66801"
          },
          {
            "name": "HPSBGN03068",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3265\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "MDVSA-2014:090",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:090"
          },
          {
            "name": "59440",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0187.html"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "name": "HPSBHF03052",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "name": "[5.5] 004: SECURITY FIX: April 12, 2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata55.html#004_openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=2167\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "name": "[oss-security] 20140412 Use-after-free race condition,in OpenSSL\u0027s read buffer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/04/13/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "name": "66801",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66801"
        },
        {
          "name": "HPSBGN03068",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rt.openssl.org/Ticket/Display.html?id=3265\u0026user=guest\u0026pass=guest"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "MDVSA-2014:090",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:090"
        },
        {
          "name": "59440",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0187.html"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "name": "HPSBHF03052",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "name": "[5.5] 004: SECURITY FIX: April 12, 2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata55.html#004_openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rt.openssl.org/Ticket/Display.html?id=2167\u0026user=guest\u0026pass=guest"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "name": "[oss-security] 20140412 Use-after-free race condition,in OpenSSL\u0027s read buffer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/04/13/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "66801",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66801"
            },
            {
              "name": "HPSBGN03068",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "https://rt.openssl.org/Ticket/Display.html?id=3265\u0026user=guest\u0026pass=guest",
              "refsource": "MISC",
              "url": "https://rt.openssl.org/Ticket/Display.html?id=3265\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "MDVSA-2014:090",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:090"
            },
            {
              "name": "59440",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59440"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup",
              "refsource": "CONFIRM",
              "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0187.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0187.html"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "HPSBHF03052",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "[5.5] 004: SECURITY FIX: April 12, 2014",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata55.html#004_openssl"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig",
              "refsource": "CONFIRM",
              "url": "http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse",
              "refsource": "MISC",
              "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse"
            },
            {
              "name": "https://rt.openssl.org/Ticket/Display.html?id=2167\u0026user=guest\u0026pass=guest",
              "refsource": "MISC",
              "url": "https://rt.openssl.org/Ticket/Display.html?id=2167\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "[oss-security] 20140412 Use-after-free race condition,in OpenSSL\u0027s read buffer",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/04/13/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5298",
    "datePublished": "2014-04-14T16:00:00",
    "dateReserved": "2014-04-14T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0285
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://bugzilla.redhat.com/show_bug.cgi?id=1202410
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://www.securityfocus.com/bid/73234vdb-entry
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202410"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "73234",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73234"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202410"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "73234",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73234"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0285",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0221
Vulnerability from cvelistv5
Published
2014-06-05 21:00
Modified
2024-08-06 09:05
Severity
Summary
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015300x_refsource_CONFIRM
http://secunia.com/advisories/59990third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1030337vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59454third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59126third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015264x_refsource_CONFIRM
http://secunia.com/advisories/59306third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21678289x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61254third-party-advisory, x_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=Ex_refsource_CONFIRM
http://secunia.com/advisories/59895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59449third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140317760000786&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://secunia.com/advisories/59441third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59189third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/59284third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://secunia.com/advisories/59365third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/59495third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58945third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://secunia.com/advisories/59659third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/59429third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676071x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59310third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascx_refsource_CONFIRM
http://www.fortiguard.com/advisory/FG-IR-14-018/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676793x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
http://secunia.com/advisories/59167third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59120third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140499827729550&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59460third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1021.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59027third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21676226x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/67901vdb-entry, x_refsource_BID
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/58714third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140482916501310&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://secunia.com/advisories/58615third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59784third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://secunia.com/advisories/59192third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59175third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21675821x_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/59491third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59364third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59451third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846x_refsource_CONFIRM
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/60687third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1103593x_refsource_CONFIRM
http://secunia.com/advisories/59528third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59518third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=Ex_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140491231331543&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
          },
          {
            "name": "59990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59990"
          },
          {
            "name": "1030337",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030337"
          },
          {
            "name": "59454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59454"
          },
          {
            "name": "59126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
          },
          {
            "name": "59306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "HPSBUX03046",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "61254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "59895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59895"
          },
          {
            "name": "59449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBOV03047",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "59441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59441"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59189"
          },
          {
            "name": "MDVSA-2014:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "name": "59284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "name": "59365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "59495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "58945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "59659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59659"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "59429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "name": "59310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59310"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "name": "59167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59167"
          },
          {
            "name": "59120",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "name": "HPSBMU03069",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
          },
          {
            "name": "MDVSA-2014:105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
          },
          {
            "name": "59460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59460"
          },
          {
            "name": "RHSA-2014:1021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "SSRT101590",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59027",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59027"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "name": "67901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67901"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "58714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58714"
          },
          {
            "name": "HPSBGN03050",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "58615",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58615"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "name": "59784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "59192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59192"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "59175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59175"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "59491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59491"
          },
          {
            "name": "59364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59364"
          },
          {
            "name": "59451",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59451"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "60687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60687"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
          },
          {
            "name": "59528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59528"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59518",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59518"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "HPSBMU03065",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
        },
        {
          "name": "59990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59990"
        },
        {
          "name": "1030337",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030337"
        },
        {
          "name": "59454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59454"
        },
        {
          "name": "59126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
        },
        {
          "name": "59306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "HPSBUX03046",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "61254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "59895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59895"
        },
        {
          "name": "59449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBOV03047",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "59441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59441"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59189"
        },
        {
          "name": "MDVSA-2014:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "name": "59284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "name": "59365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "59495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "58945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "59659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59659"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "59429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "name": "59310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59310"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "name": "59167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59167"
        },
        {
          "name": "59120",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "name": "HPSBMU03069",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
        },
        {
          "name": "MDVSA-2014:105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
        },
        {
          "name": "59460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59460"
        },
        {
          "name": "RHSA-2014:1021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "SSRT101590",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59027",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59027"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "name": "67901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67901"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "59221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "58714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58714"
        },
        {
          "name": "HPSBGN03050",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "58615",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58615"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "name": "59784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "59192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59192"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "59175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59175"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "59491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59491"
        },
        {
          "name": "59364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59364"
        },
        {
          "name": "59451",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59451"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "60687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60687"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
        },
        {
          "name": "59528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59528"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59518",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59518"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "HPSBMU03065",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0221",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015300",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
            },
            {
              "name": "59990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59990"
            },
            {
              "name": "1030337",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030337"
            },
            {
              "name": "59454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59454"
            },
            {
              "name": "59126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59126"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015264",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
            },
            {
              "name": "59306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59306"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "HPSBUX03046",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "61254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61254"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "59895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59895"
            },
            {
              "name": "59449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59449"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "HPSBOV03047",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "59441",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59441"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "59189",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59189"
            },
            {
              "name": "MDVSA-2014:106",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "59284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59284"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "59365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59365"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "59495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59495"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "58945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58945"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "59659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59659"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "59429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59429"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "59310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59310"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676793",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "59167",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59167"
            },
            {
              "name": "59120",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59120"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "HPSBMU03069",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
            },
            {
              "name": "MDVSA-2014:105",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
            },
            {
              "name": "59460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59460"
            },
            {
              "name": "RHSA-2014:1021",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "SSRT101590",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "59027",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59027"
            },
            {
              "name": "59514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59514"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676226",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "67901",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67901"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "59221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "58714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58714"
            },
            {
              "name": "HPSBGN03050",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "58615",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58615"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "59784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59784"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "59192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59192"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "59175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59175"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "59491",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59491"
            },
            {
              "name": "59364",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59364"
            },
            {
              "name": "59451",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59451"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "60571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60571"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "60687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60687"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
            },
            {
              "name": "59528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59528"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59518",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59518"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "HPSBMU03065",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0221",
    "datePublished": "2014-06-05T21:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0735
Vulnerability from cvelistv5
Published
2018-10-29 13:00
Modified
2024-09-16 19:10
Severity
Summary
Timing attack against ECDSA signature generation
References
URLTags
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/105750vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3840-1/vendor-advisory, x_refsource_UBUNTU
https://security.netapp.com/advisory/ntap-20181105-0002/x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/x_refsource_CONFIRM
http://www.securitytracker.com/id/1041986vdb-entry, x_refsource_SECTRACK
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4348vendor-advisory, x_refsource_DEBIAN
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20181029.txtx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3700vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "105750",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105750"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "1041986",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041986"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20181029.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Samuel Weiser"
        }
      ],
      "datePublic": "2018-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T19:15:21",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "105750",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105750"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "1041986",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041986"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20181029.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ],
      "title": "Timing attack against ECDSA signature generation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-10-29",
          "ID": "CVE-2018-0735",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack against ECDSA signature generation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Samuel Weiser"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "105750",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105750"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "1041986",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041986"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20181029.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20181029.txt"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0735",
    "datePublished": "2018-10-29T13:00:00Z",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:10:32.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-23840
Vulnerability from cvelistv5
Published
2021-02-16 00:00
Modified
2024-08-03 19:14
Severity
Summary
Integer overflow in CipherUpdate
References
URLTags
https://www.openssl.org/news/secadv/20210216.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
https://www.debian.org/security/2021/dsa-4855vendor-advisory
https://security.gentoo.org/glsa/202103-03vendor-advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-10
https://www.tenable.com/security/tns-2021-09
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.tenable.com/security/tns-2021-03
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Emailing-list
https://www.oracle.com//security-alerts/cpujul2021.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://www.oracle.com/security-alerts/cpuoct2021.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210216.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
          },
          {
            "name": "DSA-4855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4855"
          },
          {
            "name": "GLSA-202103-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202103-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-03"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Paul Kehrer"
        }
      ],
      "datePublic": "2021-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:42.484657",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
        },
        {
          "name": "DSA-4855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4855"
        },
        {
          "name": "GLSA-202103-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202103-03"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-10"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-03"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Integer overflow in CipherUpdate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-23840",
    "datePublished": "2021-02-16T00:00:00",
    "dateReserved": "2021-01-12T00:00:00",
    "dateUpdated": "2024-08-03T19:14:09.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0050
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-08-06 18:09
Severity
Summary
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
References
URLTags
http://secunia.com/advisories/48528third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:011vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/47755third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1026548vdb-entry, x_refsource_SECTRACK
http://osvdb.org/78320vdb-entry, x_refsource_OSVDB
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.securityfocus.com/bid/51563vdb-entry, x_refsource_BID
http://www.debian.org/security/2012/dsa-2392vendor-advisory, x_refsource_DEBIAN
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289vendor-advisory, x_refsource_HP
http://secunia.com/advisories/47631third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/47677third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20120118.txtx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "MDVSA-2012:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011"
          },
          {
            "name": "47755",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47755"
          },
          {
            "name": "1026548",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026548"
          },
          {
            "name": "78320",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/78320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "51563",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51563"
          },
          {
            "name": "DSA-2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2392"
          },
          {
            "name": "HPSBUX02737",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "SSRT100747",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289"
          },
          {
            "name": "47631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47631"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "47677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47677"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120118.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-19T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "MDVSA-2012:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011"
        },
        {
          "name": "47755",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47755"
        },
        {
          "name": "1026548",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026548"
        },
        {
          "name": "78320",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/78320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "51563",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51563"
        },
        {
          "name": "DSA-2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2392"
        },
        {
          "name": "HPSBUX02737",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "SSRT100747",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289"
        },
        {
          "name": "47631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47631"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "47677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47677"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120118.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0050",
    "datePublished": "2012-01-19T19:00:00",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3571
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 10:50
Severity
Summary
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
References
URLTags
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
http://www.securityfocus.com/bid/71937vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785dx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlvendor-advisory, x_refsource_FEDORA
https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652bx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "71937",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71937"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
          },
          {
            "name": "FEDORA-2015-0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "name": "FEDORA-2015-0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "name": "71937",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71937"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
        },
        {
          "name": "FEDORA-2015-0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "name": "FEDORA-2015-0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "71937",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71937"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
            },
            {
              "name": "FEDORA-2015-0601",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "FEDORA-2015-0512",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3571",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2176
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
References
URLTags
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://www.securitytracker.com/id/1035721vdb-entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/89746vdb-entry
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
https://www.tenable.com/security/tns-2016-18
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
https://security.netapp.com/advisory/ntap-20160504-0001/
http://www.securityfocus.com/bid/91787vdb-entry
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "89746",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89746"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "89746",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89746"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2176",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3509
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1127498x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0197.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://www.securityfocus.com/bid/69084vdb-entry, x_refsource_BID
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/95159vdb-entry, x_refsource_XF
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
https://techzone.ergon.ch/CVE-2014-3511x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
http://secunia.com/advisories/61139third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "RHSA-2015:0197",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
          },
          {
            "name": "SSRT101818",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "69084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "name": "HPSBMU03216",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "openssl-cve20143509-dos(95159)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95159"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://techzone.ergon.ch/CVE-2014-3511"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "name": "61139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "RHSA-2015:0197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
        },
        {
          "name": "SSRT101818",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "69084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "name": "HPSBMU03216",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "openssl-cve20143509-dos(95159)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95159"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://techzone.ergon.ch/CVE-2014-3511"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "name": "61139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127498",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127498"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "RHSA-2015:0197",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
            },
            {
              "name": "SSRT101818",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "69084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69084"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "HPSBMU03216",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "openssl-cve20143509-dos(95159)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95159"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "https://techzone.ergon.ch/CVE-2014-3511",
              "refsource": "CONFIRM",
              "url": "https://techzone.ergon.ch/CVE-2014-3511"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            },
            {
              "name": "61139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3509",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3568
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 10:50
Severity
Summary
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
References
URLTags
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142804214608580&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61130third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20141015.txtx_refsource_CONFIRM
http://secunia.com/advisories/62070third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/70585vdb-entry, x_refsource_BID
http://secunia.com/advisories/61073third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-3053vendor-advisory, x_refsource_DEBIAN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT205217x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10091x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/97037vdb-entry, x_refsource_XF
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascvendor-advisory, x_refsource_NETBSD
http://support.apple.com/HT204244x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61207third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/62124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59627third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61058third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/62030third-party-advisory, x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://www.securitytracker.com/id/1031053vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/61819third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03227",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "name": "HPSBHF03300",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2014:1331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "61130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20141015.txt"
          },
          {
            "name": "62070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62070"
          },
          {
            "name": "70585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70585"
          },
          {
            "name": "61073",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61073"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "DSA-3053",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205217"
          },
          {
            "name": "SSRT101779",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "APPLE-SA-2015-09-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
          },
          {
            "name": "SUSE-SU-2014:1357",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
          },
          {
            "name": "openssl-cve20143568-sec-bypass(97037)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
          },
          {
            "name": "NetBSD-SA2014-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/HT204244"
          },
          {
            "name": "SSRT101767",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "61207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61207"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "62124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62124"
          },
          {
            "name": "59627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59627"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "SUSE-SU-2014:1361",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "name": "61058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61058"
          },
          {
            "name": "62030",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62030"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "APPLE-SA-2015-01-27-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
          },
          {
            "name": "1031053",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031053"
          },
          {
            "name": "61819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03227",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "name": "HPSBHF03300",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2014:1331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "61130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20141015.txt"
        },
        {
          "name": "62070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62070"
        },
        {
          "name": "70585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70585"
        },
        {
          "name": "61073",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61073"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "DSA-3053",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205217"
        },
        {
          "name": "SSRT101779",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "APPLE-SA-2015-09-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
        },
        {
          "name": "SUSE-SU-2014:1357",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
        },
        {
          "name": "openssl-cve20143568-sec-bypass(97037)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
        },
        {
          "name": "NetBSD-SA2014-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/HT204244"
        },
        {
          "name": "SSRT101767",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "61207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61207"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "62124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62124"
        },
        {
          "name": "59627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59627"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "SUSE-SU-2014:1361",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "name": "61058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61058"
        },
        {
          "name": "62030",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62030"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "APPLE-SA-2015-01-27-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
        },
        {
          "name": "1031053",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031053"
        },
        {
          "name": "61819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03227",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
            },
            {
              "name": "HPSBHF03300",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:1331",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
            },
            {
              "name": "61130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61130"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20141015.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20141015.txt"
            },
            {
              "name": "62070",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62070"
            },
            {
              "name": "70585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70585"
            },
            {
              "name": "61073",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61073"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "DSA-3053",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3053"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT205217",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205217"
            },
            {
              "name": "SSRT101779",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "APPLE-SA-2015-09-16-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
            },
            {
              "name": "SUSE-SU-2014:1357",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
            },
            {
              "name": "openssl-cve20143568-sec-bypass(97037)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
            },
            {
              "name": "NetBSD-SA2014-015",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
            },
            {
              "name": "http://support.apple.com/HT204244",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/HT204244"
            },
            {
              "name": "SSRT101767",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
            },
            {
              "name": "61207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61207"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "62124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62124"
            },
            {
              "name": "59627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59627"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "SUSE-SU-2014:1361",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "61058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61058"
            },
            {
              "name": "62030",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62030"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "APPLE-SA-2015-01-27-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
            },
            {
              "name": "1031053",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031053"
            },
            {
              "name": "61819",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61819"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3568",
    "datePublished": "2014-10-19T01:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1552
Vulnerability from cvelistv5
Published
2019-07-30 16:29
Modified
2024-09-16 16:18
Severity
Summary
Windows builds with insecure path defaults
References
URLTags
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2019-08
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.tenable.com/security/tns-2019-09
https://www.openssl.org/news/secadv/20190730.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=54aa9d51b09d67e90db443f682cface795f5af9e
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e32bc855a81a2d48d215c506bdeb4f598045f7e9
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b15a19c148384e73338aa7c5b12652138e35ed28
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=d333ebaf9c77332754a9d5e111e2f53e1de54fdd
https://security.netapp.com/advisory/ntap-20190823-0006/
https://support.f5.com/csp/article/K94041354
https://support.f5.com/csp/article/K94041354?utm_source=f5support&amp%3Butm_medium=RSS
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.kb.cert.org/vuls/id/429301third-party-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190730.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=54aa9d51b09d67e90db443f682cface795f5af9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e32bc855a81a2d48d215c506bdeb4f598045f7e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b15a19c148384e73338aa7c5b12652138e35ed28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=d333ebaf9c77332754a9d5e111e2f53e1de54fdd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190823-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K94041354"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K94041354?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "VU#429301",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/429301"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rich Mirch"
        }
      ],
      "datePublic": "2019-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be \u0027/usr/local\u0027. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of \u0027C:/usr/local\u0027, which may be world writable, which enables untrusted users to modify OpenSSL\u0027s default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, \u0027/usr/local/ssl\u0027 is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure defaults",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-08"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-09"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20190730.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=54aa9d51b09d67e90db443f682cface795f5af9e"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e32bc855a81a2d48d215c506bdeb4f598045f7e9"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b15a19c148384e73338aa7c5b12652138e35ed28"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=d333ebaf9c77332754a9d5e111e2f53e1de54fdd"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190823-0006/"
        },
        {
          "url": "https://support.f5.com/csp/article/K94041354"
        },
        {
          "url": "https://support.f5.com/csp/article/K94041354?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "VU#429301",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/429301"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ],
      "title": "Windows builds with insecure path defaults"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1552",
    "datePublished": "2019-07-30T16:29:24.093372Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-16T16:18:01.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4109
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity
Summary
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
References
URLTags
http://secunia.com/advisories/48528third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006vendor-advisory, x_refsource_MANDRIVA
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2390vendor-advisory, x_refsource_DEBIAN
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:50.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48528"
          },
          {
            "name": "MDVSA-2012:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "SUSE-SU-2012:0084",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "openssl-policy-checks-dos(72129)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129"
          },
          {
            "name": "MDVSA-2012:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "DSA-2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2390"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48528"
        },
        {
          "name": "MDVSA-2012:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "SUSE-SU-2012:0084",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "openssl-policy-checks-dos(72129)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129"
        },
        {
          "name": "MDVSA-2012:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "DSA-2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2390"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4109",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-10-18T00:00:00",
    "dateUpdated": "2024-08-07T00:01:50.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0288
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/73237vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugzilla.redhat.com/show_bug.cgi?id=1202418
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3708\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "73237",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73237"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "url": "https://rt.openssl.org/Ticket/Display.html?id=3708\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "73237",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73237"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0288",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1547
Vulnerability from cvelistv5
Published
2019-09-10 16:58
Modified
2024-09-16 16:33
Severity
Summary
ECDSA remote timing attack
References
URLTags
https://seclists.org/bugtraq/2019/Sep/25mailing-list
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.htmlvendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.htmlvendor-advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/vendor-advisory
https://seclists.org/bugtraq/2019/Oct/1mailing-list
https://seclists.org/bugtraq/2019/Oct/0mailing-list
https://www.debian.org/security/2019/dsa-4539vendor-advisory
https://www.debian.org/security/2019/dsa-4540vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.htmlvendor-advisory
https://security.gentoo.org/glsa/201911-04vendor-advisory
https://usn.ubuntu.com/4376-1/vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2019-08
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.openssl.org/news/secadv/20190910.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46
https://arxiv.org/abs/1909.01785
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
https://security.netapp.com/advisory/ntap-20190919-0002/
https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS
https://www.tenable.com/security/tns-2019-09
https://security.netapp.com/advisory/ntap-20200122-0002/
https://security.netapp.com/advisory/ntap-20200416-0003/
https://usn.ubuntu.com/4376-2/vendor-advisory
https://usn.ubuntu.com/4504-1/vendor-advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T19:04:18.544630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T19:04:25.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/25"
          },
          {
            "name": "openSUSE-SU-2019:2158",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
          },
          {
            "name": "FEDORA-2019-d15aac6c4e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
          },
          {
            "name": "openSUSE-SU-2019:2189",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
          },
          {
            "name": "FEDORA-2019-d51641f152",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/1"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/0"
          },
          {
            "name": "DSA-4539",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4539"
          },
          {
            "name": "DSA-4540",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4540"
          },
          {
            "name": "openSUSE-SU-2019:2268",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2269",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
          },
          {
            "name": "GLSA-201911-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201911-04"
          },
          {
            "name": "USN-4376-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190910.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arxiv.org/abs/1909.01785"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "name": "USN-4504-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4504-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley"
        }
      ],
      "datePublic": "2019-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Timing side channel",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:30.909094",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/25"
        },
        {
          "name": "openSUSE-SU-2019:2158",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
        },
        {
          "name": "FEDORA-2019-d15aac6c4e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
        },
        {
          "name": "openSUSE-SU-2019:2189",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
        },
        {
          "name": "FEDORA-2019-d51641f152",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/1"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/0"
        },
        {
          "name": "DSA-4539",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4539"
        },
        {
          "name": "DSA-4540",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4540"
        },
        {
          "name": "openSUSE-SU-2019:2268",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2269",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
        },
        {
          "name": "GLSA-201911-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201911-04"
        },
        {
          "name": "USN-4376-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4376-1/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-08"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20190910.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"
        },
        {
          "url": "https://arxiv.org/abs/1909.01785"
        },
        {
          "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
        },
        {
          "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "name": "USN-4504-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4504-1/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "ECDSA remote timing attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1547",
    "datePublished": "2019-09-10T16:58:35.307121Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-16T16:33:05.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3216
Vulnerability from cvelistv5
Published
2015-07-07 10:00
Modified
2024-08-06 05:39
Severity
Summary
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1032587vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/75219vdb-entry, x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1225994x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "1032587",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032587"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "name": "75219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "1032587",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032587"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "name": "75219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3216",
    "datePublished": "2015-07-07T10:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7041
Vulnerability from cvelistv5
Published
2020-02-27 17:29
Modified
2024-08-04 09:18
Severity
Summary
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
References
URLTags
https://github.com/adrienverge/openfortivpn/issues/536x_refsource_MISC
https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/vendor-advisory, x_refsource_FEDORA
https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/issues/536"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
          },
          {
            "name": "openSUSE-SU-2020:0301",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2020:0305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
          },
          {
            "name": "FEDORA-2020-42eb8821db",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
          },
          {
            "name": "FEDORA-2020-c96ab3c813",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
          },
          {
            "name": "FEDORA-2020-dcdffcc368",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T22:04:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/issues/536"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
        },
        {
          "name": "openSUSE-SU-2020:0301",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2020:0305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
        },
        {
          "name": "FEDORA-2020-42eb8821db",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
        },
        {
          "name": "FEDORA-2020-c96ab3c813",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
        },
        {
          "name": "FEDORA-2020-dcdffcc368",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-7041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/adrienverge/openfortivpn/issues/536",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/issues/536"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
            },
            {
              "name": "openSUSE-SU-2020:0301",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2020:0305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
            },
            {
              "name": "FEDORA-2020-42eb8821db",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
            },
            {
              "name": "FEDORA-2020-c96ab3c813",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
            },
            {
              "name": "FEDORA-2020-dcdffcc368",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91",
              "refsource": "CONFIRM",
              "url": "https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-7041",
    "datePublished": "2020-02-27T17:29:38",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:02.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-23839
Vulnerability from cvelistv5
Published
2021-02-16 00:00
Modified
2024-08-03 19:14
Severity
Summary
Incorrect SSLv2 rollback protection
References
URLTags
https://www.openssl.org/news/secadv/20210216.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
https://www.oracle.com/security-alerts/cpuApr2021.html
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.oracle.com//security-alerts/cpujul2021.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-23839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:19:45.526222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:19:52.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210216.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "D. Katz and Joel Luellwitz (Trustwave)"
        }
      ],
      "datePublic": "2021-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Rollback attack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:04.879792",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Incorrect SSLv2 rollback protection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-23839",
    "datePublished": "2021-02-16T00:00:00",
    "dateReserved": "2021-01-12T00:00:00",
    "dateUpdated": "2024-08-03T19:14:09.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0169
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
URLTags
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.htmlmailing-list, x_refsource_MLIST
http://www.matrixssl.org/news.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0587.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xmlvendor-advisory, x_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.htmlvendor-advisory, x_refsource_FEDORA
http://www.us-cert.gov/cas/techalerts/TA13-051A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/55139third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/55322third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608vdb-entry, signature, x_refsource_OVAL
http://www.openssl.org/news/secadv_20130204.txtx_refsource_CONFIRM
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/x_refsource_MISC
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084x_refsource_CONFIRM
http://www.isg.rhul.ac.uk/tls/TLStiming.pdfx_refsource_MISC
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2013/dsa-2622vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/57778vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21644047x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2013/02/05/24mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/55351third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=136396549913849&w=2vendor-advisory, x_refsource_HP
https://puppet.com/security/cve/cve-2013-0169x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-0833.htmlvendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1735-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136439120408139&w=2vendor-advisory, x_refsource_HP
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001x_refsource_CONFIRM
http://secunia.com/advisories/53623third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2013/dsa-2621vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0783.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136733161405818&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/55108third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0782.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136439120408139&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136396549913849&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.htmlvendor-advisory, x_refsource_SUSE
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-releasedx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id/1029190vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841vdb-entry, signature, x_refsource_OVAL
http://www.splunk.com/view/SP-CAAAHXGx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1456.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5880x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136733161405818&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/55350third-party-advisory, x_refsource_SECUNIA
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdfx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.matrixssl.org/news.html"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "FEDORA-2013-4403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
          },
          {
            "name": "TA13-051A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:19016",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
          },
          {
            "name": "MDVSA-2013:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "name": "55322",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55322"
          },
          {
            "name": "oval:org.mitre.oval:def:19608",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
          },
          {
            "name": "openSUSE-SU-2013:0378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
          },
          {
            "name": "DSA-2622",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2622"
          },
          {
            "name": "57778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
          },
          {
            "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
          },
          {
            "name": "RHSA-2013:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
          },
          {
            "name": "55351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55351"
          },
          {
            "name": "HPSBUX02856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-0169"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SUSE-SU-2013:0328",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
          },
          {
            "name": "RHSA-2013:0833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
          },
          {
            "name": "USN-1735-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1735-1"
          },
          {
            "name": "SUSE-SU-2014:0320",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
          },
          {
            "name": "HPSBUX02857",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "name": "53623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53623"
          },
          {
            "name": "SUSE-SU-2013:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "oval:org.mitre.oval:def:19424",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "DSA-2621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2621"
          },
          {
            "name": "RHSA-2013:0783",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
          },
          {
            "name": "HPSBMU02874",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "name": "RHSA-2013:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SSRT101103",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "name": "SSRT101104",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "openSUSE-SU-2013:0375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
          },
          {
            "name": "oval:org.mitre.oval:def:19540",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
          },
          {
            "name": "1029190",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029190"
          },
          {
            "name": "oval:org.mitre.oval:def:18841",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAHXG"
          },
          {
            "name": "RHSA-2013:1456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          },
          {
            "name": "SSRT101184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "55350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55350"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-09T12:06:03",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.matrixssl.org/news.html"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "FEDORA-2013-4403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
        },
        {
          "name": "TA13-051A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:19016",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
        },
        {
          "name": "MDVSA-2013:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "name": "55322",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55322"
        },
        {
          "name": "oval:org.mitre.oval:def:19608",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
        },
        {
          "name": "openSUSE-SU-2013:0378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
        },
        {
          "name": "DSA-2622",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2622"
        },
        {
          "name": "57778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
        },
        {
          "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
        },
        {
          "name": "RHSA-2013:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
        },
        {
          "name": "55351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55351"
        },
        {
          "name": "HPSBUX02856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-0169"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SUSE-SU-2013:0328",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
        },
        {
          "name": "RHSA-2013:0833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
        },
        {
          "name": "USN-1735-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1735-1"
        },
        {
          "name": "SUSE-SU-2014:0320",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
        },
        {
          "name": "HPSBUX02857",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "name": "53623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53623"
        },
        {
          "name": "SUSE-SU-2013:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "oval:org.mitre.oval:def:19424",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "DSA-2621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2621"
        },
        {
          "name": "RHSA-2013:0783",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
        },
        {
          "name": "HPSBMU02874",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "name": "RHSA-2013:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SSRT101103",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "name": "SSRT101104",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "openSUSE-SU-2013:0375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
        },
        {
          "name": "oval:org.mitre.oval:def:19540",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
        },
        {
          "name": "1029190",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029190"
        },
        {
          "name": "oval:org.mitre.oval:def:18841",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAHXG"
        },
        {
          "name": "RHSA-2013:1456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        },
        {
          "name": "SSRT101184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "55350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55350"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
            },
            {
              "name": "http://www.matrixssl.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://www.matrixssl.org/news.html"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2013-4403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
            },
            {
              "name": "TA13-051A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19016",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "55322",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55322"
            },
            {
              "name": "oval:org.mitre.oval:def:19608",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
              "refsource": "MISC",
              "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
              "refsource": "CONFIRM",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
            },
            {
              "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
              "refsource": "MISC",
              "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
            },
            {
              "name": "openSUSE-SU-2013:0378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
            },
            {
              "name": "DSA-2622",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2622"
            },
            {
              "name": "57778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57778"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
            },
            {
              "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
            },
            {
              "name": "RHSA-2013:1455",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
            },
            {
              "name": "55351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55351"
            },
            {
              "name": "HPSBUX02856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-0169",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-0169"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SUSE-SU-2013:0328",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
            },
            {
              "name": "RHSA-2013:0833",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
            },
            {
              "name": "USN-1735-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1735-1"
            },
            {
              "name": "SUSE-SU-2014:0320",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
            },
            {
              "name": "HPSBUX02857",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "53623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53623"
            },
            {
              "name": "SUSE-SU-2013:0701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "oval:org.mitre.oval:def:19424",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "DSA-2621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2621"
            },
            {
              "name": "RHSA-2013:0783",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
            },
            {
              "name": "HPSBMU02874",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "RHSA-2013:0782",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SSRT101103",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "SSRT101104",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2013:0375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
            },
            {
              "name": "oval:org.mitre.oval:def:19540",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
            },
            {
              "name": "1029190",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029190"
            },
            {
              "name": "oval:org.mitre.oval:def:18841",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAHXG",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAHXG"
            },
            {
              "name": "RHSA-2013:1456",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            },
            {
              "name": "SSRT101184",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "55350",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55350"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0169",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0206
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 04:03
Severity
Summary
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
References
URLTags
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/99704vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961fx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/91787vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/71940vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "openssl-cve20150206-dos(99704)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "name": "FEDORA-2015-0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "71940",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71940"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "name": "FEDORA-2015-0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "openssl-cve20150206-dos(99704)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "name": "FEDORA-2015-0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "71940",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71940"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "name": "FEDORA-2015-0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0206",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "openssl-cve20150206-dos(99704)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "FEDORA-2015-0601",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "71940",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71940"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "FEDORA-2015-0512",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0206",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3194
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 05:39
Severity
Summary
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
References
URLTags
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://www.securityfocus.com/bid/78623vdb-entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-2617.htmlvendor-advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://bugzilla.redhat.com/show_bug.cgi?id=1288320
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://marc.info/?l=bugtraq&m=145382583417444&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2830-1vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://openssl.org/news/secadv/20151203.txt
http://www.securitytracker.com/id/1034294vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://www.debian.org/security/2015/dsa-3413vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "78623",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78623"
          },
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
          },
          {
            "name": "openSUSE-SU-2016:1332",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "name": "openSUSE-SU-2015:2318",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "78623",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78623"
        },
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
        },
        {
          "name": "openSUSE-SU-2016:1332",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "name": "openSUSE-SU-2015:2318",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3194",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4450
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:41
Severity
Summary
Double free after calling PEM_read_bio_ex
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858bpatch
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:41:44.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
          },
          {
            "name": "1.1.1t git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1t",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "CarpetFuzz"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dawei Wang"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Marc Sch\u00f6nefeld"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Kurt Roeckx"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\u003cbr\u003edecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\u003cbr\u003eIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\u003cbr\u003epopulated with pointers to buffers containing the relevant decoded data. The\u003cbr\u003ecaller is responsible for freeing those buffers. It is possible to construct a\u003cbr\u003ePEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\u003cbr\u003ewill return a failure code but will populate the header argument with a pointer\u003cbr\u003eto a buffer that has already been freed. If the caller also frees this buffer\u003cbr\u003ethen a double free will occur. This will most likely lead to a crash. This\u003cbr\u003ecould be exploited by an attacker who has the ability to supply malicious PEM\u003cbr\u003efiles for parsing to achieve a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe functions PEM_read_bio() and PEM_read() are simple wrappers around\u003cbr\u003ePEM_read_bio_ex() and therefore these functions are also directly affected.\u003cbr\u003e\u003cbr\u003eThese functions are also called indirectly by a number of other OpenSSL\u003cbr\u003efunctions including PEM_X509_INFO_read_bio_ex() and\u003cbr\u003eSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\u003cbr\u003euses of these functions are not vulnerable because the caller does not free the\u003cbr\u003eheader argument if PEM_read_bio_ex() returns a failure code. These locations\u003cbr\u003einclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\u003cbr\u003eOpenSSL 3.0.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe OpenSSL asn1parse command line application is also impacted by this issue.\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "double-free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:53:33.164Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
        },
        {
          "name": "1.1.1t git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Double free after calling PEM_read_bio_ex",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-4450",
    "datePublished": "2023-02-08T19:04:04.874Z",
    "dateReserved": "2022-12-13T13:38:08.598Z",
    "dateUpdated": "2024-08-03T01:41:44.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2183
Vulnerability from cvelistv5
Published
2016-09-01 00:00
Modified
2024-08-05 23:17
Severity
Summary
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
References
URLTags
https://access.redhat.com/errata/RHSA-2017:3113vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0338.htmlvendor-advisory
https://www.tenable.com/security/tns-2016-20
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
https://access.redhat.com/errata/RHSA-2017:3240vendor-advisory
https://www.tenable.com/security/tns-2016-16
https://access.redhat.com/errata/RHSA-2017:2709vendor-advisory
http://www.securityfocus.com/bid/92630vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
https://www.tenable.com/security/tns-2016-21
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
https://access.redhat.com/errata/RHSA-2017:3239vendor-advisory
https://www.exploit-db.com/exploits/42091/exploit
https://security.gentoo.org/glsa/201701-65vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.securitytracker.com/id/1036696vdb-entry
https://security.netapp.com/advisory/ntap-20160915-0001/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://security.gentoo.org/glsa/201707-01vendor-advisory
http://www.securityfocus.com/bid/95568vdb-entry
https://access.redhat.com/errata/RHSA-2017:3114vendor-advisory
https://bto.bluecoat.com/security-advisory/sa133
https://www.tenable.com/security/tns-2017-09
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
https://access.redhat.com/errata/RHSA-2017:1216vendor-advisory
https://wiki.opendaylight.org/view/Security_Advisories
https://access.redhat.com/errata/RHSA-2017:2710vendor-advisory
https://security.netapp.com/advisory/ntap-20170119-0001/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
https://www.ietf.org/mail-archive/web/tls/current/msg04560.htmlmailing-list
https://access.redhat.com/errata/RHSA-2018:2123vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0337.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2017:2708vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0336.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
http://rhn.redhat.com/errata/RHSA-2017-0462.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.securityfocus.com/archive/1/540341/100/0/threadedmailing-list
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threadedmailing-list
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threadedmailing-list
https://kc.mcafee.com/corporate/index?page=content&id=SB10197
https://kc.mcafee.com/corporate/index?page=content&id=SB10186
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threadedmailing-list
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://www.ubuntu.com/usn/USN-3194-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://seclists.org/bugtraq/2018/Nov/21mailing-list
https://support.f5.com/csp/article/K13167034
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
http://www.securityfocus.com/archive/1/542005/100/0/threadedmailing-list
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3372-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3270-1vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threadedmailing-list
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/May/105mailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
http://www.securityfocus.com/archive/1/539885/100/0/threadedmailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3198-1vendor-advisory
http://seclists.org/fulldisclosure/2017/May/105
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
http://www.securityfocus.com/archive/1/541104/100/0/threadedmailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threadedmailing-list
http://www.ubuntu.com/usn/USN-3179-1vendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://access.redhat.com/errata/RHSA-2019:1245vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2859vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0451vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://sweet32.info/
http://www.splunk.com/view/SP-CAAAPUE
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://access.redhat.com/articles/2548661
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://access.redhat.com/security/cve/cve-2016-2183
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3113",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3113"
          },
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
          },
          {
            "name": "RHSA-2017:3240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3240"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2709",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2709"
          },
          {
            "name": "92630",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92630"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "name": "RHSA-2017:3239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3239"
          },
          {
            "name": "42091",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42091/"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "1036696",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036696"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "95568",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95568"
          },
          {
            "name": "RHSA-2017:3114",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wiki.opendaylight.org/view/Security_Advisories"
          },
          {
            "name": "RHSA-2017:2710",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2710"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
          },
          {
            "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
          },
          {
            "name": "RHSA-2018:2123",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2123"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:2708",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2708"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
          },
          {
            "name": "RHSA-2017:0462",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3194-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3194-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Nov/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K13167034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "USN-3372-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3372-1"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2017:0460",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
          },
          {
            "name": "SUSE-SU-2017:0490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
          },
          {
            "name": "USN-3270-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3270-1"
          },
          {
            "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "name": "openSUSE-SU-2017:0513",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2017:0374",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2017:0346",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "USN-3198-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3198-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:1444",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3179-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3179-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "name": "RHSA-2019:1245",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1245"
          },
          {
            "name": "RHSA-2019:2859",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2859"
          },
          {
            "name": "RHSA-2020:0451",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0451"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sweet32.info/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/2548661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2016-2183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:3113",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3113"
        },
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
        },
        {
          "name": "RHSA-2017:3240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3240"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2709",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2709"
        },
        {
          "name": "92630",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92630"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "name": "RHSA-2017:3239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3239"
        },
        {
          "name": "42091",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/42091/"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "1036696",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036696"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "95568",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/95568"
        },
        {
          "name": "RHSA-2017:3114",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3114"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa133"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-09"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "url": "https://wiki.opendaylight.org/view/Security_Advisories"
        },
        {
          "name": "RHSA-2017:2710",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2710"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
        },
        {
          "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
        },
        {
          "name": "RHSA-2018:2123",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2123"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:2708",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2708"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
        },
        {
          "name": "RHSA-2017:0462",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3194-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3194-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2018/Nov/21"
        },
        {
          "url": "https://support.f5.com/csp/article/K13167034"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "USN-3372-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3372-1"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2017:0460",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
        },
        {
          "name": "SUSE-SU-2017:0490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
        },
        {
          "name": "USN-3270-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3270-1"
        },
        {
          "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "name": "openSUSE-SU-2017:0513",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2017:0374",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
        },
        {
          "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2017:0346",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "USN-3198-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3198-1"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:1444",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3179-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3179-1"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "name": "RHSA-2019:1245",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1245"
        },
        {
          "name": "RHSA-2019:2859",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2859"
        },
        {
          "name": "RHSA-2020:0451",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0451"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://sweet32.info/"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
        },
        {
          "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://access.redhat.com/articles/2548661"
        },
        {
          "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
        },
        {
          "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2016-2183"
        },
        {
          "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
        },
        {
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2183",
    "datePublished": "2016-09-01T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4576
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity
Summary
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
References
URLTags
http://secunia.com/advisories/48528third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2390vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/55069third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48528"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "openSUSE-SU-2012:0083",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
          },
          {
            "name": "MDVSA-2012:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "SUSE-SU-2012:0084",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "MDVSA-2012:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "DSA-2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2390"
          },
          {
            "name": "55069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55069"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-19T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48528"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "openSUSE-SU-2012:0083",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
        },
        {
          "name": "MDVSA-2012:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "SUSE-SU-2012:0084",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "MDVSA-2012:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "DSA-2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2390"
        },
        {
          "name": "55069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55069"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4576",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3566
Vulnerability from cvelistv5
Published
2014-10-15 00:00
Modified
2024-08-06 10:50
Severity
Summary
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
URLTags
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.ascx_refsource_CONFIRM
http://www.securitytracker.com/id/1031090vdb-entry, x_refsource_SECTRACK
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1880.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142804214608580&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/577193third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=141577087123040&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141715130023061&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlvendor-advisory, x_refsource_SUSE
https://support.apple.com/kb/HT6542x_refsource_CONFIRM
http://www.securitytracker.com/id/1031106vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=141697638231025&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://marc.info/?l=openssl-dev&m=141333049205629&w=2mailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=142350298616097&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142350743917559&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60056third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1877.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61130third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-1546.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://support.apple.com/kb/HT6529x_refsource_CONFIRM
https://www.openssl.org/news/secadv_20141015.txtx_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlvendor-advisory, x_refsource_APPLE
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1920.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1031087vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=143628269912142&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa83x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141879378918327&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX200238x_refsource_CONFIRM
http://secunia.com/advisories/61359third-party-advisory, x_refsource_SECUNIA
https://support.apple.com/kb/HT6541x_refsource_CONFIRM
http://www.securitytracker.com/id/1031093vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1031132vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3144vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=142721887231400&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2015/dsa-3253vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034x_refsource_CONFIRM
https://www.suse.com/support/kb/doc.php?id=7015773x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/533724/100/0/threadedvendor-advisory, x_refsource_APPLE
https://www.elastic.co/blog/logstash-1-4-3-releasedx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142296755107581&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.htmlx_refsource_MISC
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142805027510172&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61827third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141450452204552&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0079.htmlvendor-advisory, x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=swg21688283x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
https://technet.microsoft.com/library/security/3009008.aspxx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1545.htmlvendor-advisory, x_refsource_REDHAT
https://www-01.ibm.com/support/docview.wss?uid=swg21688165x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624619906067&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031094vdb-entry, x_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-2015-0003.htmlx_refsource_CONFIRM
http://secunia.com/advisories/61316third-party-advisory, x_refsource_SECUNIA
https://security.gentoo.org/glsa/201606-11vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2014-1881.htmlvendor-advisory, x_refsource_REDHAT
https://www.imperialviolet.org/2014/10/14/poodle.htmlx_refsource_MISC
http://www.securitytracker.com/id/1031096vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721887231400&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61810third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2014/dsa-3053vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=142296755107581&w=2vendor-advisory, x_refsource_HP
https://support.lenovo.com/us/en/product_security/poodlex_refsource_CONFIRM
http://www.securitytracker.com/id/1031107vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1031095vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=143290583027876&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=142962817202793&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143101048219218&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031091vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031123vdb-entry, x_refsource_SECTRACK
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566x_refsource_MISC
https://support.apple.com/HT205217x_refsource_CONFIRM
http://www.securitytracker.com/id/1031092vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/61926third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1876.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141450973807288&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdfx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141814011518700&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=145983526810210&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983x_refsource_CONFIRM
https://support.apple.com/kb/HT6531x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ipx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0264.htmlvendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10091x_refsource_CONFIRM
https://support.apple.com/kb/HT6527x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142350196615714&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141697676231104&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60206third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1152789x_refsource_CONFIRM
http://secunia.com/advisories/60792third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlvendor-advisory, x_refsource_APPLE
http://www.debian.org/security/2016/dsa-3489vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20141015-0001/x_refsource_CONFIRM
http://www.securitytracker.com/id/1031105vdb-entry, x_refsource_SECTRACK
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.htmlx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1031131vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=141879378918327&w=2vendor-advisory, x_refsource_HP
http://www.ubuntu.com/usn/USN-2487-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=142740155824959&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141813976718456&w=2vendor-advisory, x_refsource_HP
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.htmlx_refsource_MISC
http://www.securitytracker.com/id/1031130vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721830231196&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141577350823734&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1948.htmlvendor-advisory, x_refsource_REDHAT
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascvendor-advisory, x_refsource_NETBSD
http://marc.info/?l=bugtraq&m=141620103726640&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1653.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144101915224472&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431x_refsource_CONFIRM
http://support.apple.com/HT204244x_refsource_CONFIRM
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspxx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624679706236&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0085.htmlvendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlx_refsource_CONFIRM
https://support.apple.com/kb/HT6536x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=141576815022399&w=2vendor-advisory, x_refsource_HP
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJUx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=143290371927178&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1652.htmlvendor-advisory, x_refsource_REDHAT
https://support.apple.com/kb/HT6535x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=142546741516006&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0086.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=143039249603103&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031124vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0080.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142740155824959&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1882.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-0068.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142354438527235&w=2vendor-advisory, x_refsource_HP
http://www.ubuntu.com/usn/USN-2486-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=144294141001552&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59627third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141814011518700&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141694355519663&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142350298616097&w=2vendor-advisory, x_refsource_HP
https://support.lenovo.com/product_security/poodlex_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodlevendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=141775427104070&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0698.htmlvendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://downloads.asterisk.org/pub/security/AST-2014-011.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60859third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/533746vendor-advisory, x_refsource_APPLE
https://security.gentoo.org/glsa/201507-14vendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142624719706349&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496355704097&w=2vendor-advisory, x_refsource_HP
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htmx_refsource_CONFIRM
http://secunia.com/advisories/61345third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=143101048219218&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61019third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/70574vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1031120vdb-entry, x_refsource_SECTRACK
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlx_refsource_CONFIRM
http://secunia.com/advisories/61825third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0416.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id/1031029vdb-entry, x_refsource_SECTRACK
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624719706349&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10104x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705x_refsource_CONFIRM
http://secunia.com/advisories/61782third-party-advisory, x_refsource_SECUNIA
https://access.redhat.com/articles/1232123x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1031085vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=144251162130364&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143039249603103&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/533747vendor-advisory, x_refsource_APPLE
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624679706236&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21687611x_refsource_CONFIRM
https://github.com/mpgn/poodle-PoCx_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142607790919348&w=2vendor-advisory, x_refsource_HP
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.htmlx_refsource_MISC
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142354438527235&w=2vendor-advisory, x_refsource_HP
https://puppet.com/security/cve/poodle-sslv3-vulnerabilityx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/61303third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350743917559&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496355704097&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21692299x_refsource_CONFIRM
http://www.securitytracker.com/id/1031039vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.htmlvendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=swg21687172x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142721830231196&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=142624619906067vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031089vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142350196615714&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141628688425177&w=2vendor-advisory, x_refsource_HP
http://www.us-cert.gov/ncas/alerts/TA14-290Athird-party-advisory, x_refsource_CERT
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/61819third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142357976805598&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031088vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3147vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/61995third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141703183219781&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10090x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142357976805598&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1031086vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=143558192010071&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1692.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.htmlvendor-advisory, x_refsource_FEDORA
https://www.openssl.org/~bodo/ssl-poodle.pdfx_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143558137709884&w=2vendor-advisory, x_refsource_HP
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03227",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
          },
          {
            "name": "1031090",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031090"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
          },
          {
            "name": "RHSA-2014:1880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
          },
          {
            "name": "HPSBHF03300",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
          },
          {
            "name": "VU#577193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/577193"
          },
          {
            "name": "HPSBMU03184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
          },
          {
            "name": "HPSBGN03209",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2014:1331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6542"
          },
          {
            "name": "1031106",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031106"
          },
          {
            "name": "HPSBGN03201",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
          },
          {
            "name": "SSRT101898",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
          },
          {
            "name": "SSRT101896",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
          },
          {
            "name": "60056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60056"
          },
          {
            "name": "RHSA-2014:1877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "61130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61130"
          },
          {
            "name": "RHSA-2015:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
          },
          {
            "name": "SUSE-SU-2015:0503",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20141015.txt"
          },
          {
            "name": "APPLE-SA-2014-10-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
          },
          {
            "name": "RHSA-2014:1920",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
          },
          {
            "name": "1031087",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031087"
          },
          {
            "name": "HPSBMU03234",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa83"
          },
          {
            "name": "SSRT101849",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX200238"
          },
          {
            "name": "61359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6541"
          },
          {
            "name": "1031093",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031093"
          },
          {
            "name": "1031132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031132"
          },
          {
            "name": "DSA-3144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3144"
          },
          {
            "name": "SSRT101790",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc.php?id=7015773"
          },
          {
            "name": "APPLE-SA-2014-10-16-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.elastic.co/blog/logstash-1-4-3-released"
          },
          {
            "name": "SSRT101854",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBST03195",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
          },
          {
            "name": "61827",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61827"
          },
          {
            "name": "HPSBMU03152",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
          },
          {
            "name": "RHSA-2015:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/library/security/3009008.aspx"
          },
          {
            "name": "RHSA-2015:1545",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
          },
          {
            "name": "HPSBMU03259",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
          },
          {
            "name": "1031094",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031094"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
          },
          {
            "name": "61316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61316"
          },
          {
            "name": "GLSA-201606-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-11"
          },
          {
            "name": "RHSA-2014:1881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
          },
          {
            "name": "1031096",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031096"
          },
          {
            "name": "HPSBHF03275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
          },
          {
            "name": "61810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61810"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "DSA-3053",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3053"
          },
          {
            "name": "HPSBGN03237",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/poodle"
          },
          {
            "name": "1031107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031107"
          },
          {
            "name": "1031095",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031095"
          },
          {
            "name": "HPSBMU03223",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
          },
          {
            "name": "SUSE-SU-2014:1549",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
          },
          {
            "name": "HPSBGN03305",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
          },
          {
            "name": "HPSBUX03194",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
          },
          {
            "name": "SSRT101868",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "1031091",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031091"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "1031123",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031123"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205217"
          },
          {
            "name": "1031092",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "SUSE-SU-2015:0376",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
          },
          {
            "name": "61926",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61926"
          },
          {
            "name": "RHSA-2014:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
          },
          {
            "name": "SSRT101779",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
          },
          {
            "name": "HPSBHF03156",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "SSRT101838",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
          },
          {
            "name": "HPSBGN03569",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-09-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6531"
          },
          {
            "name": "SUSE-SU-2014:1357",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
          },
          {
            "name": "RHSA-2015:0264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6527"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "name": "SSRT101897",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
          },
          {
            "name": "HPSBGN03203",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
          },
          {
            "name": "60206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60206"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
          },
          {
            "name": "60792",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60792"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "APPLE-SA-2014-10-16-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
          },
          {
            "name": "DSA-3489",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3489"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
          },
          {
            "name": "1031105",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
          },
          {
            "name": "FEDORA-2014-13069",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
          },
          {
            "name": "1031131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031131"
          },
          {
            "name": "HPSBMU03221",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
          },
          {
            "name": "USN-2487-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2487-1"
          },
          {
            "name": "SSRT101795",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
          },
          {
            "name": "HPSBGN03222",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
          },
          {
            "name": "1031130",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031130"
          },
          {
            "name": "HPSBMU03301",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
          },
          {
            "name": "HPSBGN03164",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
          },
          {
            "name": "RHSA-2014:1948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
          },
          {
            "name": "NetBSD-SA2014-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
          },
          {
            "name": "HPSBGN03192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
          },
          {
            "name": "RHSA-2014:1653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
          },
          {
            "name": "SUSE-SU-2015:0392",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
          },
          {
            "name": "HPSBMU03416",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/HT204244"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
          },
          {
            "name": "HPSBMU03283",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "name": "RHSA-2015:0085",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6536"
          },
          {
            "name": "FEDORA-2014-12951",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
          },
          {
            "name": "HPSBGN03191",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
          },
          {
            "name": "SSRT101767",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "SUSE-SU-2014:1526",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
          },
          {
            "name": "HPSBGN03332",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
          },
          {
            "name": "RHSA-2014:1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6535"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "name": "SUSE-SU-2015:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
          },
          {
            "name": "HPSBST03265",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
          },
          {
            "name": "RHSA-2015:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
          },
          {
            "name": "HPSBMU03241",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
          },
          {
            "name": "1031124",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031124"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "SUSE-SU-2015:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
          },
          {
            "name": "RHSA-2015:0080",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
          },
          {
            "name": "HPSBMU03294",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
          },
          {
            "name": "RHSA-2014:1882",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
          },
          {
            "name": "RHSA-2015:0068",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
          },
          {
            "name": "HPSBGN03251",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
          },
          {
            "name": "USN-2486-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2486-1"
          },
          {
            "name": "HPSBGN03391",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
          },
          {
            "name": "59627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59627"
          },
          {
            "name": "HPSBGN03208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "HPSBMU03214",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "HPSBGN03254",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/product_security/poodle"
          },
          {
            "name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
          },
          {
            "name": "HPSBGN03205",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
          },
          {
            "name": "RHSA-2015:0698",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "SUSE-SU-2014:1361",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
          },
          {
            "name": "60859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60859"
          },
          {
            "name": "APPLE-SA-2014-10-20-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533746"
          },
          {
            "name": "GLSA-201507-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-14"
          },
          {
            "name": "SSRT101921",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "SSRT101951",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
          },
          {
            "name": "61345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61345"
          },
          {
            "name": "SSRT101834",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
          },
          {
            "name": "61019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61019"
          },
          {
            "name": "70574",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70574"
          },
          {
            "name": "1031120",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "61825",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61825"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
          },
          {
            "name": "1031029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031029"
          },
          {
            "name": "HPSBUX03281",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
          },
          {
            "name": "HPSBMU03262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:1459",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "61782",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61782"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1232123"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-9110",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
          },
          {
            "name": "1031085",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031085"
          },
          {
            "name": "HPSBST03418",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "SSRT101892",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
          },
          {
            "name": "APPLE-SA-2014-10-20-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533747"
          },
          {
            "name": "HPSBGN03233",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "SSRT101916",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mpgn/poodle-PoC"
          },
          {
            "name": "MDVSA-2014:203",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
          },
          {
            "name": "SSRT101739",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "SSRT101968",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SSRT101899",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
          },
          {
            "name": "openSUSE-SU-2015:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
          },
          {
            "name": "APPLE-SA-2015-01-27-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
          },
          {
            "name": "61303",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61303"
          },
          {
            "name": "HPSBGN03252",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
          },
          {
            "name": "HPSBUX03273",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
          },
          {
            "name": "1031039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031039"
          },
          {
            "name": "SUSE-SU-2016:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
          },
          {
            "name": "SSRT101998",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
          },
          {
            "name": "SSRT101922",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
          },
          {
            "name": "1031089",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031089"
          },
          {
            "name": "HPSBGN03253",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
          },
          {
            "name": "HPSBMU03183",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
          },
          {
            "name": "TA14-290A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
          },
          {
            "name": "FEDORA-2014-13012",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
          },
          {
            "name": "61819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61819"
          },
          {
            "name": "HPSBGN03255",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
          },
          {
            "name": "1031088",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031088"
          },
          {
            "name": "DSA-3147",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3147"
          },
          {
            "name": "61995",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61995"
          },
          {
            "name": "HPSBGN03202",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
          },
          {
            "name": "SSRT101928",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
          },
          {
            "name": "1031086",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031086"
          },
          {
            "name": "HPSBPI03360",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
          },
          {
            "name": "RHSA-2014:1692",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
          },
          {
            "name": "FEDORA-2015-9090",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
          },
          {
            "name": "HPSBPI03107",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
          },
          {
            "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T16:29:26",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03227",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
        },
        {
          "name": "1031090",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031090"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
        },
        {
          "name": "RHSA-2014:1880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
        },
        {
          "name": "HPSBHF03300",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
        },
        {
          "name": "VU#577193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/577193"
        },
        {
          "name": "HPSBMU03184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
        },
        {
          "name": "HPSBGN03209",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2014:1331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6542"
        },
        {
          "name": "1031106",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031106"
        },
        {
          "name": "HPSBGN03201",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
        },
        {
          "name": "SSRT101898",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
        },
        {
          "name": "SSRT101896",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
        },
        {
          "name": "60056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60056"
        },
        {
          "name": "RHSA-2014:1877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "61130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61130"
        },
        {
          "name": "RHSA-2015:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
        },
        {
          "name": "SUSE-SU-2015:0503",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20141015.txt"
        },
        {
          "name": "APPLE-SA-2014-10-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
        },
        {
          "name": "RHSA-2014:1920",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
        },
        {
          "name": "1031087",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031087"
        },
        {
          "name": "HPSBMU03234",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa83"
        },
        {
          "name": "SSRT101849",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX200238"
        },
        {
          "name": "61359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6541"
        },
        {
          "name": "1031093",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031093"
        },
        {
          "name": "1031132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031132"
        },
        {
          "name": "DSA-3144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3144"
        },
        {
          "name": "SSRT101790",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/support/kb/doc.php?id=7015773"
        },
        {
          "name": "APPLE-SA-2014-10-16-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.elastic.co/blog/logstash-1-4-3-released"
        },
        {
          "name": "SSRT101854",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBST03195",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
        },
        {
          "name": "61827",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61827"
        },
        {
          "name": "HPSBMU03152",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
        },
        {
          "name": "RHSA-2015:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/library/security/3009008.aspx"
        },
        {
          "name": "RHSA-2015:1545",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
        },
        {
          "name": "HPSBMU03259",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
        },
        {
          "name": "1031094",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031094"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
        },
        {
          "name": "61316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61316"
        },
        {
          "name": "GLSA-201606-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-11"
        },
        {
          "name": "RHSA-2014:1881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
        },
        {
          "name": "1031096",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031096"
        },
        {
          "name": "HPSBHF03275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
        },
        {
          "name": "61810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61810"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "DSA-3053",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3053"
        },
        {
          "name": "HPSBGN03237",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/poodle"
        },
        {
          "name": "1031107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031107"
        },
        {
          "name": "1031095",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031095"
        },
        {
          "name": "HPSBMU03223",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
        },
        {
          "name": "SUSE-SU-2014:1549",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
        },
        {
          "name": "HPSBGN03305",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
        },
        {
          "name": "HPSBUX03194",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
        },
        {
          "name": "SSRT101868",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "1031091",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031091"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "1031123",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031123"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205217"
        },
        {
          "name": "1031092",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "SUSE-SU-2015:0376",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
        },
        {
          "name": "61926",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61926"
        },
        {
          "name": "RHSA-2014:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
        },
        {
          "name": "SSRT101779",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
        },
        {
          "name": "HPSBHF03156",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "SSRT101838",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
        },
        {
          "name": "HPSBGN03569",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-09-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6531"
        },
        {
          "name": "SUSE-SU-2014:1357",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
        },
        {
          "name": "RHSA-2015:0264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6527"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "name": "SSRT101897",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
        },
        {
          "name": "HPSBGN03203",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
        },
        {
          "name": "60206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60206"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
        },
        {
          "name": "60792",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60792"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "APPLE-SA-2014-10-16-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
        },
        {
          "name": "DSA-3489",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3489"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
        },
        {
          "name": "1031105",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
        },
        {
          "name": "FEDORA-2014-13069",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
        },
        {
          "name": "1031131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031131"
        },
        {
          "name": "HPSBMU03221",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
        },
        {
          "name": "USN-2487-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2487-1"
        },
        {
          "name": "SSRT101795",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
        },
        {
          "name": "HPSBGN03222",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
        },
        {
          "name": "1031130",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031130"
        },
        {
          "name": "HPSBMU03301",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
        },
        {
          "name": "HPSBGN03164",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
        },
        {
          "name": "RHSA-2014:1948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
        },
        {
          "name": "NetBSD-SA2014-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
        },
        {
          "name": "HPSBGN03192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
        },
        {
          "name": "RHSA-2014:1653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
        },
        {
          "name": "SUSE-SU-2015:0392",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
        },
        {
          "name": "HPSBMU03416",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/HT204244"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
        },
        {
          "name": "HPSBMU03283",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "name": "RHSA-2015:0085",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6536"
        },
        {
          "name": "FEDORA-2014-12951",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
        },
        {
          "name": "HPSBGN03191",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
        },
        {
          "name": "SSRT101767",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "SUSE-SU-2014:1526",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
        },
        {
          "name": "HPSBGN03332",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
        },
        {
          "name": "RHSA-2014:1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6535"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
        },
        {
          "name": "SUSE-SU-2015:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
        },
        {
          "name": "HPSBST03265",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
        },
        {
          "name": "RHSA-2015:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
        },
        {
          "name": "HPSBMU03241",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
        },
        {
          "name": "1031124",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031124"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "SUSE-SU-2015:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
        },
        {
          "name": "RHSA-2015:0080",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
        },
        {
          "name": "HPSBMU03294",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
        },
        {
          "name": "RHSA-2014:1882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
        },
        {
          "name": "RHSA-2015:0068",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
        },
        {
          "name": "HPSBGN03251",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
        },
        {
          "name": "USN-2486-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2486-1"
        },
        {
          "name": "HPSBGN03391",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
        },
        {
          "name": "59627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59627"
        },
        {
          "name": "HPSBGN03208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "HPSBMU03214",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "HPSBGN03254",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/product_security/poodle"
        },
        {
          "name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
        },
        {
          "name": "HPSBGN03205",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
        },
        {
          "name": "RHSA-2015:0698",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "SUSE-SU-2014:1361",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
        },
        {
          "name": "60859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60859"
        },
        {
          "name": "APPLE-SA-2014-10-20-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://www.securityfocus.com/archive/1/533746"
        },
        {
          "name": "GLSA-201507-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-14"
        },
        {
          "name": "SSRT101921",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "SSRT101951",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
        },
        {
          "name": "61345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61345"
        },
        {
          "name": "SSRT101834",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
        },
        {
          "name": "61019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61019"
        },
        {
          "name": "70574",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70574"
        },
        {
          "name": "1031120",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "61825",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61825"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
        },
        {
          "name": "1031029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031029"
        },
        {
          "name": "HPSBUX03281",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
        },
        {
          "name": "HPSBMU03262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:1459",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "61782",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61782"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/articles/1232123"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-9110",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
        },
        {
          "name": "1031085",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031085"
        },
        {
          "name": "HPSBST03418",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "SSRT101892",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
        },
        {
          "name": "APPLE-SA-2014-10-20-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://www.securityfocus.com/archive/1/533747"
        },
        {
          "name": "HPSBGN03233",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "SSRT101916",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mpgn/poodle-PoC"
        },
        {
          "name": "MDVSA-2014:203",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
        },
        {
          "name": "SSRT101739",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "SSRT101968",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SSRT101899",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
        },
        {
          "name": "openSUSE-SU-2015:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
        },
        {
          "name": "APPLE-SA-2015-01-27-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
        },
        {
          "name": "61303",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61303"
        },
        {
          "name": "HPSBGN03252",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
        },
        {
          "name": "HPSBUX03273",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
        },
        {
          "name": "1031039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031039"
        },
        {
          "name": "SUSE-SU-2016:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
        },
        {
          "name": "SSRT101998",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
        },
        {
          "name": "SSRT101922",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
        },
        {
          "name": "1031089",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031089"
        },
        {
          "name": "HPSBGN03253",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
        },
        {
          "name": "HPSBMU03183",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
        },
        {
          "name": "TA14-290A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
        },
        {
          "name": "FEDORA-2014-13012",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
        },
        {
          "name": "61819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61819"
        },
        {
          "name": "HPSBGN03255",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
        },
        {
          "name": "1031088",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031088"
        },
        {
          "name": "DSA-3147",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3147"
        },
        {
          "name": "61995",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61995"
        },
        {
          "name": "HPSBGN03202",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
        },
        {
          "name": "SSRT101928",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
        },
        {
          "name": "1031086",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031086"
        },
        {
          "name": "HPSBPI03360",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
        },
        {
          "name": "RHSA-2014:1692",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
        },
        {
          "name": "FEDORA-2015-9090",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
        },
        {
          "name": "HPSBPI03107",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
        },
        {
          "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3566",
    "datePublished": "2014-10-15T00:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6450
Vulnerability from cvelistv5
Published
2014-01-01 15:00
Modified
2024-08-06 17:39
Severity
Summary
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.htmlvendor-advisory, x_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id/1031594vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
http://www.securitytracker.com/id/1029549vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-2833vendor-advisory, x_refsource_DEBIAN
https://puppet.com/security/cve/cve-2013-6450x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7bx_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2079-1vendor-advisory, x_refsource_UBUNTU
https://security-tracker.debian.org/tracker/CVE-2013-6450x_refsource_CONFIRM
http://www.securityfocus.com/bid/64618vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0015.htmlvendor-advisory, x_refsource_REDHAT
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://www.openssl.org/news/vulnerabilities.htmlx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0049",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "1031594",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031594"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "name": "1029549",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029549"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "DSA-2833",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2833"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-6450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "openSUSE-SU-2014:0048",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
          },
          {
            "name": "USN-2079-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2079-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2013-6450"
          },
          {
            "name": "64618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "RHSA-2014:0015",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0049",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "1031594",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031594"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "name": "1029549",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029549"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "DSA-2833",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2833"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-6450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "openSUSE-SU-2014:0048",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
        },
        {
          "name": "USN-2079-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2079-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2013-6450"
        },
        {
          "name": "64618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "RHSA-2014:0015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/vulnerabilities.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0049",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "1031594",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031594"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "1029549",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029549"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "DSA-2833",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2833"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-6450",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-6450"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "openSUSE-SU-2014:0048",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
            },
            {
              "name": "USN-2079-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2079-1"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2013-6450",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-6450"
            },
            {
              "name": "64618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64618"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "RHSA-2014:0015",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "http://www.openssl.org/news/vulnerabilities.html",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/vulnerabilities.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6450",
    "datePublished": "2014-01-01T15:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3245
Vulnerability from cvelistv5
Published
2010-03-05 19:00
Modified
2024-08-07 06:22
Severity
Summary
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
References
URLTags
http://www.vupen.com/english/advisories/2010/0916vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/39461third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2mailing-list, x_refsource_MLIST
http://support.apple.com/kb/HT4723x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlvendor-advisory, x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049vendor-advisory, x_refsource_SLACKWARE
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=127678688104458&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/38761third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/38562vdb-entry, x_refsource_BID
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2010-0977.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/0839vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-1003-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/39932third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0933vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1216vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37291third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlvendor-advisory, x_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.ascx_refsource_CONFIRM
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.htmlx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "oval:org.mitre.oval:def:11738",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6640",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "38562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38562"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9790",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
          },
          {
            "name": "RHSA-2010:0977",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "USN-1003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1003-1"
          },
          {
            "name": "39932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "ADV-2010-1216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-25T00:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "oval:org.mitre.oval:def:11738",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6640",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "38562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38562"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9790",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
        },
        {
          "name": "RHSA-2010:0977",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "USN-1003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1003-1"
        },
        {
          "name": "39932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39932"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "ADV-2010-1216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1216"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-0916",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0916"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "oval:org.mitre.oval:def:11738",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
            },
            {
              "name": "39461",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39461"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT4723",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4723"
            },
            {
              "name": "FEDORA-2010-5357",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
            },
            {
              "name": "SSA:2010-060-02",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
            },
            {
              "name": "APPLE-SA-2011-06-23-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6640",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
            },
            {
              "name": "HPSBOV02540",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
            },
            {
              "name": "38761",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38761"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "38562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38562"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9790",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
            },
            {
              "name": "RHSA-2010:0977",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
            },
            {
              "name": "ADV-2010-0839",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0839"
            },
            {
              "name": "MDVSA-2010:076",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
            },
            {
              "name": "HPSBUX02517",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
            },
            {
              "name": "USN-1003-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1003-1"
            },
            {
              "name": "39932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39932"
            },
            {
              "name": "ADV-2010-0933",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0933"
            },
            {
              "name": "RHSA-2011:0896",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
            },
            {
              "name": "SSRT100058",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "ADV-2010-1216",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1216"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "37291",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37291"
            },
            {
              "name": "FEDORA-2010-5744",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
            },
            {
              "name": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3245",
    "datePublished": "2010-03-05T19:00:00",
    "dateReserved": "2009-09-18T00:00:00",
    "dateUpdated": "2024-08-07T06:22:24.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0657
Vulnerability from cvelistv5
Published
2002-07-31 04:00
Modified
2024-08-08 02:56
Severity
Summary
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
References
URLTags
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.phpvendor-advisory, x_refsource_MANDRAKE
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txtvendor-advisory, x_refsource_CALDERA
http://www.cert.org/advisories/CA-2002-23.htmlthird-party-advisory, x_refsource_CERT
http://www.kb.cert.org/vuls/id/561275third-party-advisory, x_refsource_CERT-VN
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txtvendor-advisory, x_refsource_CALDERA
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.iss.net/security_center/static/9715.phpvdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/5361vdb-entry, x_refsource_BID
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2002:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
          },
          {
            "name": "CSSA-2002-033.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "CA-2002-23",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "VU#561275",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/561275"
          },
          {
            "name": "CSSA-2002-033.1",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "CLA-2002:513",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          },
          {
            "name": "openssl-ssl3-masterkey-bo(9715)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9715.php"
          },
          {
            "name": "5361",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-08-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2002:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
        },
        {
          "name": "CSSA-2002-033.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
        },
        {
          "name": "CA-2002-23",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-23.html"
        },
        {
          "name": "VU#561275",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/561275"
        },
        {
          "name": "CSSA-2002-033.1",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
        },
        {
          "name": "CLA-2002:513",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
        },
        {
          "name": "FreeBSD-SA-02:33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
        },
        {
          "name": "openssl-ssl3-masterkey-bo(9715)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9715.php"
        },
        {
          "name": "5361",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5361"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2002:046",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "VU#561275",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/561275"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "CLA-2002:513",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            },
            {
              "name": "openssl-ssl3-masterkey-bo(9715)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9715.php"
            },
            {
              "name": "5361",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5361"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0657",
    "datePublished": "2002-07-31T04:00:00",
    "dateReserved": "2002-07-02T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3765
Vulnerability from cvelistv5
Published
2022-10-03 16:23
Modified
2024-08-07 06:38
Severity
Summary
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URLTags
http://marc.info/?l=oss-security&m=125369675820512&w=2mailing-list, x_refsource_MLIST
http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.cx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=oss-security&m=125198917018936&w=2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T16:23:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
            },
            {
              "name": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3765",
    "datePublished": "2022-10-03T16:23:56",
    "dateReserved": "2022-10-03T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1543
Vulnerability from cvelistv5
Published
2019-03-06 21:00
Modified
2024-09-16 17:43
Severity
Summary
ChaCha20-Poly1305 with long nonces
References
URLTags
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f426625b6ae9a7831010750490a5f0ad689c5ba3x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20190306.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ee22257b1418438ebaf54df98af4e24f494d1809x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Jul/3mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4475vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3700vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10365x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f426625b6ae9a7831010750490a5f0ad689c5ba3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190306.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ee22257b1418438ebaf54df98af4e24f494d1809"
          },
          {
            "name": "20190701 [SECURITY] [DSA 4475-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/3"
          },
          {
            "name": "DSA-4475",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4475"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "openSUSE-SU-2019:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joran Dirk Greef of Ronomon"
        }
      ],
      "datePublic": "2019-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Nonce Reuse",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-31T07:06:28",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f426625b6ae9a7831010750490a5f0ad689c5ba3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190306.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ee22257b1418438ebaf54df98af4e24f494d1809"
        },
        {
          "name": "20190701 [SECURITY] [DSA 4475-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/3"
        },
        {
          "name": "DSA-4475",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4475"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "openSUSE-SU-2019:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        }
      ],
      "title": "ChaCha20-Poly1305 with long nonces",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-03-06",
          "ID": "CVE-2019-1543",
          "STATE": "PUBLIC",
          "TITLE": "ChaCha20-Poly1305 with long nonces"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Joran Dirk Greef of Ronomon"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Nonce Reuse"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f426625b6ae9a7831010750490a5f0ad689c5ba3",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f426625b6ae9a7831010750490a5f0ad689c5ba3"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190306.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190306.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809"
            },
            {
              "name": "20190701 [SECURITY] [DSA 4475-1] openssl security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/3"
            },
            {
              "name": "DSA-4475",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4475"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "openSUSE-SU-2019:1814",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1543",
    "datePublished": "2019-03-06T21:00:00Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-16T17:43:26.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0204
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 04:03
Severity
Summary
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10110x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/71936vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
https://www.openssl.org/news/secadv_20150319.txtx_refsource_CONFIRM
http://www-304.ibm.com/support/docview.wss?uid=swg21960769x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=144043644216842&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0849.htmlvendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
http://support.novell.com/security/cve/CVE-2015-0204.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory, x_refsource_HP
https://freakattack.com/x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21883640x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa91x_refsource_CONFIRM
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0x_refsource_CONFIRM
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/91787vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlvendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.htmlvendor-advisory, x_refsource_SUSE
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
https://security.gentoo.org/glsa/201503-11vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.htmlvendor-advisory, x_refsource_SUSE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2182",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "71936",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71936"
          },
          {
            "name": "SUSE-SU-2015:2192",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "name": "HPSBMU03345",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
          },
          {
            "name": "RHSA-2015:0849",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "name": "SUSE-SU-2015:2166",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openssl-cve20150204-weak-security(99707)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freakattack.com/"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "SUSE-SU-2015:1138",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "SUSE-SU-2015:2216",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa91"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
          },
          {
            "name": "SUSE-SU-2015:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "SUSE-SU-2015:2168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
          },
          {
            "name": "SUSE-SU-2015:1085",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "name": "SUSE-SU-2016:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2182",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBGN03299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "71936",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71936"
        },
        {
          "name": "SUSE-SU-2015:2192",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "name": "HPSBMU03345",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
        },
        {
          "name": "RHSA-2015:0849",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "name": "SUSE-SU-2015:2166",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openssl-cve20150204-weak-security(99707)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freakattack.com/"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "name": "SUSE-SU-2015:1138",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "SUSE-SU-2015:2216",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa91"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
        },
        {
          "name": "SUSE-SU-2015:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "SSRT101987",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "SUSE-SU-2015:2168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
        },
        {
          "name": "SUSE-SU-2015:1085",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "name": "SUSE-SU-2016:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2182",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
            },
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBGN03299",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "71936",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71936"
            },
            {
              "name": "SUSE-SU-2015:2192",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150319.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150319.txt"
            },
            {
              "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769",
              "refsource": "CONFIRM",
              "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "HPSBMU03345",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
            },
            {
              "name": "RHSA-2015:0849",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:2166",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openssl-cve20150204-weak-security(99707)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "http://support.novell.com/security/cve/CVE-2015-0204.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"
            },
            {
              "name": "HPSBUX03334",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
            },
            {
              "name": "https://freakattack.com/",
              "refsource": "MISC",
              "url": "https://freakattack.com/"
            },
            {
              "name": "MDVSA-2015:063",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "SUSE-SU-2015:1138",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "SUSE-SU-2015:2216",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa91",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa91"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
            },
            {
              "name": "SUSE-SU-2015:1086",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "RHSA-2016:1650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "RHSA-2015:0800",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
            },
            {
              "name": "SSRT102000",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "SUSE-SU-2015:2168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
            },
            {
              "name": "SUSE-SU-2015:1085",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:1161",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "GLSA-201503-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201503-11"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "SUSE-SU-2016:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0204",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3507
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/60778third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61040third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61250third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10109x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60824third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.htmlx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/95161vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=141077370928502&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://www.securityfocus.com/bid/69078vdb-entry, x_refsource_BID
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1127502x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "60778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60778"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61040"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "61250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10109"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "60824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60824"
          },
          {
            "name": "HPSBUX03095",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "59743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59743"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "openssl-cve20143507-dos(95161)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95161"
          },
          {
            "name": "HPSBOV03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "69078",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69078"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "SSRT101674",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "60778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60778"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61040"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "61250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10109"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "60824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60824"
        },
        {
          "name": "HPSBUX03095",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "59743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59743"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "openssl-cve20143507-dos(95161)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95161"
        },
        {
          "name": "HPSBOV03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "69078",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69078"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "SSRT101674",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "60778",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60778"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61040"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "61250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61250"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10109",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10109"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "60824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60824"
            },
            {
              "name": "HPSBUX03095",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "59743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59743"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "openssl-cve20143507-dos(95161)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95161"
            },
            {
              "name": "HPSBOV03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "69078",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69078"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "SSRT101674",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3507",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4203
Vulnerability from cvelistv5
Published
2023-02-24 14:53
Modified
2024-08-03 01:34
Severity
Summary
X.509 Name Constraints Read Buffer Overflow
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabcpatch
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:34:49.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Corey Bonnell from Digicert"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A read buffer overrun can be triggered in X.509 certificate verification,\u003cbr\u003especifically in name constraint checking. Note that this occurs\u003cbr\u003eafter certificate chain signature verification and requires either a\u003cbr\u003eCA to have signed the malicious certificate or for the application to\u003cbr\u003econtinue certificate verification despite failure to construct a path\u003cbr\u003eto a trusted issuer.\u003cbr\u003e\u003cbr\u003eThe read buffer overrun might result in a crash which could lead to\u003cbr\u003ea denial of service attack. In theory it could also result in the disclosure\u003cbr\u003eof private memory contents (such as private keys, or sensitive plaintext)\u003cbr\u003ealthough we are not aware of any working exploit leading to memory\u003cbr\u003econtents disclosure as of the time of release of this advisory.\u003cbr\u003e\u003cbr\u003eIn a TLS client, this can be triggered by connecting to a malicious\u003cbr\u003eserver. In a TLS server, this can be triggered if the server requests\u003cbr\u003eclient authentication and a malicious client connects.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "read buffer overrun ",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:53:08.485Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.509 Name Constraints Read Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-4203",
    "datePublished": "2023-02-24T14:53:08.485Z",
    "dateReserved": "2022-11-29T10:00:42.027Z",
    "dateUpdated": "2024-08-03T01:34:49.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1568
Vulnerability from cvelistv5
Published
2003-10-08 04:00
Modified
2024-08-08 03:26
Severity
Summary
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.
References
URLTags
http://www.ebitech.sk/patrik/SA/SA-20031002.txtx_refsource_MISC
http://cvs.openssl.org/chngview?cn=7659x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=106511018214983mailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:29.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=7659"
          },
          {
            "name": "20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106511018214983"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=7659"
        },
        {
          "name": "20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106511018214983"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt",
              "refsource": "MISC",
              "url": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=7659",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=7659"
            },
            {
              "name": "20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106511018214983"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1568",
    "datePublished": "2003-10-08T04:00:00",
    "dateReserved": "2003-10-06T00:00:00",
    "dateUpdated": "2024-08-08T03:26:29.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3732
Vulnerability from cvelistv5
Published
2017-01-26 00:00
Modified
2024-08-05 14:39
Severity
Summary
BN_mod_exp may produce incorrect results on x86_64
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2713vendor-advisory, x_refsource_REDHAT
https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5bx_refsource_MISC
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://www.openssl.org/news/secadv/20170126.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1037717vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:2575vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2017-04x_refsource_CONFIRM
https://security.gentoo.org/glsa/201702-07vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2018:2568vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95814vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2018:2713",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
          },
          {
            "name": "FreeBSD-SA-17:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
            "name": "1037717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037717"
          },
          {
            "name": "RHSA-2018:2575",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2575"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "GLSA-201702-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-07"
          },
          {
            "name": "RHSA-2018:2568",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2568"
          },
          {
            "name": "95814",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2a"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2b"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2d"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2e"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2f"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2g"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2h"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2i"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2j"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-Fuzz project"
        }
      ],
      "datePublic": "2017-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:15",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2018:2713",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
        },
        {
          "name": "FreeBSD-SA-17:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        },
        {
          "name": "1037717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037717"
        },
        {
          "name": "RHSA-2018:2575",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2575"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "GLSA-201702-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-07"
        },
        {
          "name": "RHSA-2018:2568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2568"
        },
        {
          "name": "95814",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "title": "BN_mod_exp may produce incorrect results on x86_64",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-01-26",
          "ID": "CVE-2017-3732",
          "STATE": "PUBLIC",
          "TITLE": "BN_mod_exp may produce incorrect results on x86_64"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          },
                          {
                            "version_value": "openssl-1.1.0c"
                          },
                          {
                            "version_value": "openssl-1.0.2"
                          },
                          {
                            "version_value": "openssl-1.0.2a"
                          },
                          {
                            "version_value": "openssl-1.0.2b"
                          },
                          {
                            "version_value": "openssl-1.0.2c"
                          },
                          {
                            "version_value": "openssl-1.0.2d"
                          },
                          {
                            "version_value": "openssl-1.0.2e"
                          },
                          {
                            "version_value": "openssl-1.0.2f"
                          },
                          {
                            "version_value": "openssl-1.0.2g"
                          },
                          {
                            "version_value": "openssl-1.0.2h"
                          },
                          {
                            "version_value": "openssl-1.0.2i"
                          },
                          {
                            "version_value": "openssl-1.0.2j"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "OSS-Fuzz project"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "carry-propagating bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "RHSA-2018:2713",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2713"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
            },
            {
              "name": "FreeBSD-SA-17:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20170126.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20170126.txt"
            },
            {
              "name": "1037717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037717"
            },
            {
              "name": "RHSA-2018:2575",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2575"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "GLSA-201702-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-07"
            },
            {
              "name": "RHSA-2018:2568",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2568"
            },
            {
              "name": "95814",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95814"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3732",
    "datePublished": "2017-01-26T00:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-05T14:39:40.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0703
Vulnerability from cvelistv5
Published
2016-03-02 00:00
Modified
2024-08-05 22:30
Severity
Summary
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
References
URLTags
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/83743vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://drownattack.com
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "83743",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83743"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://drownattack.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "83743",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83743"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "url": "https://drownattack.com"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0703",
    "datePublished": "2016-03-02T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0224
Vulnerability from cvelistv5
Published
2014-06-05 21:00
Modified
2024-08-06 09:05
Severity
Summary
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59525third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140604261522465&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59004third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59530third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21675626x_refsource_CONFIRM
http://secunia.com/advisories/59824third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59282third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015300x_refsource_CONFIRM
http://secunia.com/advisories/59215third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1103586x_refsource_CONFIRM
http://secunia.com/advisories/59990third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59264third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59454third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58492third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59186third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59188third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59126third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140672208601650&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140784085708882&w=2vendor-advisory, x_refsource_HP
http://www.novell.com/support/kb/doc.php?id=7015264x_refsource_CONFIRM
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59306third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0627.htmlvendor-advisory, x_refsource_REDHAT
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140544599631400&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-0626.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59190third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58639third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21678289x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21676877x_refsource_CONFIRM
http://secunia.com/advisories/59446third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59529third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59445third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59589third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59894third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59325third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59354third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg24037729x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677131x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61254third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21678233x_refsource_CONFIRM
http://secunia.com/advisories/59447third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1031594vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21676655x_refsource_CONFIRM
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=Ex_refsource_CONFIRM
http://secunia.com/advisories/59223third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58743third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://secunia.com/advisories/58719third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59449third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59132third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140870499402361&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140386311427810&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59442third-party-advisory, x_refsource_SECUNIA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140317760000786&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142805027510172&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24037761x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://secunia.com/advisories/59441third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdfx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140852757108392&w=2vendor-advisory, x_refsource_HP
https://filezilla-project.org/versions.php?type=serverx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676786x_refsource_CONFIRM
http://secunia.com/advisories/60567third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59189third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59368third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59142third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676478x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676845x_refsource_CONFIRM
http://secunia.com/advisories/58742third-party-advisory, x_refsource_SECUNIA
https://www.ibm.com/support/docview.wss?uid=ssg1S1004670x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0624.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59602third-party-advisory, x_refsource_SECUNIA
http://www.kerio.com/support/kerio-control/release-historyx_refsource_CONFIRM
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58930third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677080x_refsource_CONFIRM
http://secunia.com/advisories/61815third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58667third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
http://www-01.ibm.com/support/docview.wss?uid=swg21677390x_refsource_CONFIRM
http://secunia.com/advisories/59191third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59284third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59444third-party-advisory, x_refsource_SECUNIA
https://www.imperialviolet.org/2014/06/05/earlyccs.htmlx_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://secunia.com/advisories/59365third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://secunia.com/advisories/59305third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676529x_refsource_CONFIRM
http://secunia.com/advisories/59483third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58385third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/59495third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58945third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141025641601169&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59659third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59440third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/59429third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59370third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59827third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58660third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59163third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58716third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59055third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676071x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677836x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://secunia.com/advisories/60176third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141147110427269&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59101third-party-advisory, x_refsource_SECUNIA
http://esupport.trendmicro.com/solution/en-US/1103813.aspxx_refsource_CONFIRM
http://secunia.com/advisories/59374third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59063third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
https://discussions.nessus.org/thread/7517x_refsource_CONFIRM
http://secunia.com/advisories/59310third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676501x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676536x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/59502third-party-advisory, x_refsource_SECUNIA
http://www.splunk.com/view/SP-CAAAM2Dx_refsource_CONFIRM
http://secunia.com/advisories/59878third-party-advisory, x_refsource_SECUNIA
http://www.fortiguard.com/advisory/FG-IR-14-018/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=140852826008699&w=2vendor-advisory, x_refsource_HP
http://www.ibm.com/support/docview.wss?uid=swg21676793x_refsource_CONFIRM
http://secunia.com/advisories/59214third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140794476212181&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
http://secunia.com/advisories/59167third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59120third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg24037732x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140369637402535&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59380third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59506third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59661third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59677third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0630.htmlvendor-advisory, x_refsource_REDHAT
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0632.htmlvendor-advisory, x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=swg24037730x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24037731x_refsource_CONFIRM
http://secunia.com/advisories/58745third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/59438third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=isg3T1020948x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676496x_refsource_CONFIRM
http://secunia.com/advisories/58714third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140482916501310&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.htmlvendor-advisory, x_refsource_SUSE
http://ccsinjection.lepidum.co.jpx_refsource_MISC
http://secunia.com/advisories/59435third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141658880509699&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://secunia.com/advisories/58615third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142546741516006&w=2vendor-advisory, x_refsource_HP
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://www-01.ibm.com/support/docview.wss?uid=swg21676644x_refsource_CONFIRM
http://secunia.com/advisories/59231third-party-advisory, x_refsource_SECUNIA
https://www.ibm.com/support/docview.wss?uid=ssg1S1004671x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://secunia.com/advisories/59211third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58433third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60066third-party-advisory, x_refsource_SECUNIA
http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.htmlx_refsource_CONFIRM
https://access.redhat.com/site/blogs/766093/posts/908133x_refsource_CONFIRM
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60522third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59784third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141383410222440&w=2vendor-advisory, x_refsource_HP
http://seclists.org/fulldisclosure/2014/Jun/38mailing-list, x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://www.f-secure.com/en/web/labs_global/fsc-2014-6x_refsource_CONFIRM
http://secunia.com/advisories/59135third-party-advisory, x_refsource_SECUNIA
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://secunia.com/advisories/58759third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59093third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740x_refsource_CONFIRM
http://puppetlabs.com/security/cve/cve-2014-0224x_refsource_CONFIRM
http://secunia.com/advisories/59192third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58579third-party-advisory, x_refsource_SECUNIA
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdfx_refsource_CONFIRM
http://secunia.com/advisories/59040third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59175third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60819third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-downloadx_refsource_CONFIRM
http://secunia.com/advisories/58128third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676334x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21675821x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24037870x_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141383465822787&w=2vendor-advisory, x_refsource_HP
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0680.htmlvendor-advisory, x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://secunia.com/advisories/59012third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://secunia.com/advisories/59362third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140499864129699&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-0631.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59338third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/978508third-party-advisory, x_refsource_CERT-VN
http://www.securitytracker.com/id/1031032vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/59491third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59364third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issuesx_refsource_CONFIRM
http://secunia.com/advisories/59451third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676333x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59459third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676833x_refsource_CONFIRM
http://secunia.com/advisories/60577third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59448third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441x_refsource_CONFIRM
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdfx_refsource_CONFIRM
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141164638606214&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690x_refsource_CONFIRM
http://secunia.com/advisories/59885third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/59202third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0633.htmlvendor-advisory, x_refsource_REDHAT
http://www.ibm.com/support/docview.wss?uid=ssg1S1004678x_refsource_CONFIRM
http://secunia.com/advisories/59375third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140983229106599&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59528third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59518third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59389third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59383third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677567x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217x_refsource_CONFIRM
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59916third-party-advisory, x_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=Ex_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140491231331543&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg24037727x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg1IT02314vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/59043third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59347third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60049third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676615x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdfx_refsource_CONFIRM
https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "name": "59525",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59525"
          },
          {
            "name": "HPSBMU03071",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
          },
          {
            "name": "59004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59004"
          },
          {
            "name": "59530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
          },
          {
            "name": "59824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59824"
          },
          {
            "name": "59282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
          },
          {
            "name": "59215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59215"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
          },
          {
            "name": "59990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59990"
          },
          {
            "name": "59264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59264"
          },
          {
            "name": "59454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59454"
          },
          {
            "name": "58492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58492"
          },
          {
            "name": "59186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59186"
          },
          {
            "name": "59188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59188"
          },
          {
            "name": "59126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59126"
          },
          {
            "name": "HPSBMU03078",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
          },
          {
            "name": "HPSBMU03089",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
          },
          {
            "name": "59306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59306"
          },
          {
            "name": "RHSA-2014:0627",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0627.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
          },
          {
            "name": "HPSBGN03068",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
          },
          {
            "name": "RHSA-2014:0626",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0626.html"
          },
          {
            "name": "59190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59190"
          },
          {
            "name": "58639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58639"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
          },
          {
            "name": "59446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59446"
          },
          {
            "name": "59529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59529"
          },
          {
            "name": "59445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59445"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "59589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59589"
          },
          {
            "name": "59894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59894"
          },
          {
            "name": "59325",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59325"
          },
          {
            "name": "59354",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
          },
          {
            "name": "HPSBUX03046",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "61254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
          },
          {
            "name": "59447",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59447"
          },
          {
            "name": "1031594",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031594"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "59223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59223"
          },
          {
            "name": "58743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "58719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58719"
          },
          {
            "name": "59449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59449"
          },
          {
            "name": "59132",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59132"
          },
          {
            "name": "SSRT101818",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "name": "HPSBST03098",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
          },
          {
            "name": "HPSBMU03058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
          },
          {
            "name": "59442",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59442"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBOV03047",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
          },
          {
            "name": "HPSBST03195",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "59441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59441"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
          },
          {
            "name": "HPSBMU03094",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://filezilla-project.org/versions.php?type=server"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
          },
          {
            "name": "60567",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60567"
          },
          {
            "name": "59189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59189"
          },
          {
            "name": "59368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59368"
          },
          {
            "name": "MDVSA-2014:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
          },
          {
            "name": "59142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
          },
          {
            "name": "58742",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670"
          },
          {
            "name": "RHSA-2014:0624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0624.html"
          },
          {
            "name": "59602",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59602"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kerio.com/support/kerio-control/release-history"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "58930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58930"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
          },
          {
            "name": "61815",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61815"
          },
          {
            "name": "58667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58667"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
          },
          {
            "name": "59191",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59191"
          },
          {
            "name": "59284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59284"
          },
          {
            "name": "59444",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "name": "59365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "name": "59305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
          },
          {
            "name": "59483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59483"
          },
          {
            "name": "58385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58385"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "59495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "58945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "HPSBST03106",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
          },
          {
            "name": "59659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59659"
          },
          {
            "name": "59440",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59440"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "59429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "name": "59370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59370"
          },
          {
            "name": "59827",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59827"
          },
          {
            "name": "58660",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58660"
          },
          {
            "name": "59163",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59163"
          },
          {
            "name": "58716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58716"
          },
          {
            "name": "59055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "name": "60176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60176"
          },
          {
            "name": "HPSBPI03107",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
          },
          {
            "name": "59101",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59101"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx"
          },
          {
            "name": "59374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59374"
          },
          {
            "name": "59063",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://discussions.nessus.org/thread/7517"
          },
          {
            "name": "59310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59310"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
          },
          {
            "name": "HPSBMU03216",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
          },
          {
            "name": "IV61506",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506"
          },
          {
            "name": "59502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59502"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAM2D"
          },
          {
            "name": "59878",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59878"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "name": "HPSBMU03101",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
          },
          {
            "name": "59214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59214"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBHF03088",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "name": "59167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59167"
          },
          {
            "name": "59120",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172"
          },
          {
            "name": "HPSBMU03053",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
          },
          {
            "name": "59380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59380"
          },
          {
            "name": "MDVSA-2014:105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
          },
          {
            "name": "59460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59460"
          },
          {
            "name": "59506",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59506"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "SSRT101590",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59661",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59661"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "name": "59677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59677"
          },
          {
            "name": "RHSA-2014:0630",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0630.html"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
          },
          {
            "name": "RHSA-2014:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0632.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
          },
          {
            "name": "58745",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58745"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
          },
          {
            "name": "58714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58714"
          },
          {
            "name": "HPSBGN03050",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2015:0229",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ccsinjection.lepidum.co.jp"
          },
          {
            "name": "59435",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59435"
          },
          {
            "name": "HPSBHF03052",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "58615",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58615"
          },
          {
            "name": "HPSBST03265",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
          },
          {
            "name": "59231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "59211",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59211"
          },
          {
            "name": "58433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58433"
          },
          {
            "name": "60066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "name": "60522",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60522"
          },
          {
            "name": "59784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBST03097",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
          },
          {
            "name": "20140607 Re: More OpenSSL issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Jun/38"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
          },
          {
            "name": "59135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "58759",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58759"
          },
          {
            "name": "59093",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59093"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
          },
          {
            "name": "59192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59192"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "58579",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58579"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf"
          },
          {
            "name": "59040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59040"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "59175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59175"
          },
          {
            "name": "60819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60819"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
          },
          {
            "name": "58128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58128"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "name": "HPSBHF03145",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "name": "RHSA-2014:0680",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0680.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "name": "59012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59012"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "59362",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59362"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "HPSBMU03070",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
          },
          {
            "name": "RHSA-2014:0631",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0631.html"
          },
          {
            "name": "59338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59338"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "VU#978508",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/978508"
          },
          {
            "name": "1031032",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031032"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "59491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59491"
          },
          {
            "name": "59364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59364"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
          },
          {
            "name": "59451",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59451"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "name": "59459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59459"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
          },
          {
            "name": "60577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60577"
          },
          {
            "name": "59448",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59448"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "name": "HPSBST03103",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690"
          },
          {
            "name": "59885",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "59202",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59202"
          },
          {
            "name": "RHSA-2014:0633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0633.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678"
          },
          {
            "name": "59375",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59375"
          },
          {
            "name": "HPSBMU03083",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
          },
          {
            "name": "59528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59528"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59518",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59518"
          },
          {
            "name": "59389",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59389"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "name": "59916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "HPSBMU03065",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
          },
          {
            "name": "IT02314",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT02314"
          },
          {
            "name": "59043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59043"
          },
          {
            "name": "59347",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59347"
          },
          {
            "name": "60049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T16:47:29",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "name": "59525",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59525"
        },
        {
          "name": "HPSBMU03071",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
        },
        {
          "name": "59004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59004"
        },
        {
          "name": "59530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
        },
        {
          "name": "59824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59824"
        },
        {
          "name": "59282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
        },
        {
          "name": "59215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59215"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
        },
        {
          "name": "59990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59990"
        },
        {
          "name": "59264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59264"
        },
        {
          "name": "59454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59454"
        },
        {
          "name": "58492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58492"
        },
        {
          "name": "59186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59186"
        },
        {
          "name": "59188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59188"
        },
        {
          "name": "59126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59126"
        },
        {
          "name": "HPSBMU03078",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
        },
        {
          "name": "HPSBMU03089",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
        },
        {
          "name": "59306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59306"
        },
        {
          "name": "RHSA-2014:0627",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0627.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
        },
        {
          "name": "HPSBGN03068",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
        },
        {
          "name": "RHSA-2014:0626",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0626.html"
        },
        {
          "name": "59190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59190"
        },
        {
          "name": "58639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58639"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
        },
        {
          "name": "59446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59446"
        },
        {
          "name": "59529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59529"
        },
        {
          "name": "59445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59445"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "59589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59589"
        },
        {
          "name": "59894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59894"
        },
        {
          "name": "59325",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59325"
        },
        {
          "name": "59354",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
        },
        {
          "name": "HPSBUX03046",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "61254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
        },
        {
          "name": "59447",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59447"
        },
        {
          "name": "1031594",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031594"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "59223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59223"
        },
        {
          "name": "58743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "58719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58719"
        },
        {
          "name": "59449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59449"
        },
        {
          "name": "59132",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59132"
        },
        {
          "name": "SSRT101818",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "name": "HPSBST03098",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
        },
        {
          "name": "HPSBMU03058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
        },
        {
          "name": "59442",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59442"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBOV03047",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
        },
        {
          "name": "HPSBST03195",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "59441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59441"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
        },
        {
          "name": "HPSBMU03094",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://filezilla-project.org/versions.php?type=server"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
        },
        {
          "name": "60567",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60567"
        },
        {
          "name": "59189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59189"
        },
        {
          "name": "59368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59368"
        },
        {
          "name": "MDVSA-2014:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
        },
        {
          "name": "59142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
        },
        {
          "name": "58742",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670"
        },
        {
          "name": "RHSA-2014:0624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0624.html"
        },
        {
          "name": "59602",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59602"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kerio.com/support/kerio-control/release-history"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "58930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58930"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
        },
        {
          "name": "61815",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61815"
        },
        {
          "name": "58667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58667"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
        },
        {
          "name": "59191",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59191"
        },
        {
          "name": "59284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59284"
        },
        {
          "name": "59444",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "name": "59365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "name": "59305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
        },
        {
          "name": "59483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59483"
        },
        {
          "name": "58385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58385"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "59495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "58945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "HPSBST03106",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
        },
        {
          "name": "59659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59659"
        },
        {
          "name": "59440",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59440"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "59429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "name": "59370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59370"
        },
        {
          "name": "59827",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59827"
        },
        {
          "name": "58660",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58660"
        },
        {
          "name": "59163",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59163"
        },
        {
          "name": "58716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58716"
        },
        {
          "name": "59055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "name": "60176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60176"
        },
        {
          "name": "HPSBPI03107",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
        },
        {
          "name": "59101",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59101"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx"
        },
        {
          "name": "59374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59374"
        },
        {
          "name": "59063",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://discussions.nessus.org/thread/7517"
        },
        {
          "name": "59310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59310"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
        },
        {
          "name": "HPSBMU03216",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
        },
        {
          "name": "IV61506",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506"
        },
        {
          "name": "59502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59502"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAM2D"
        },
        {
          "name": "59878",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59878"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "name": "HPSBMU03101",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
        },
        {
          "name": "59214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59214"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBHF03088",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "name": "59167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59167"
        },
        {
          "name": "59120",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172"
        },
        {
          "name": "HPSBMU03053",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
        },
        {
          "name": "59380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59380"
        },
        {
          "name": "MDVSA-2014:105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
        },
        {
          "name": "59460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59460"
        },
        {
          "name": "59506",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59506"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "SSRT101590",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59661",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59661"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "name": "59677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59677"
        },
        {
          "name": "RHSA-2014:0630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0630.html"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
        },
        {
          "name": "RHSA-2014:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0632.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
        },
        {
          "name": "58745",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58745"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
        },
        {
          "name": "58714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58714"
        },
        {
          "name": "HPSBGN03050",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2015:0229",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ccsinjection.lepidum.co.jp"
        },
        {
          "name": "59435",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59435"
        },
        {
          "name": "HPSBHF03052",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "58615",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58615"
        },
        {
          "name": "HPSBST03265",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
        },
        {
          "name": "59231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "59211",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59211"
        },
        {
          "name": "58433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58433"
        },
        {
          "name": "60066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "name": "60522",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60522"
        },
        {
          "name": "59784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBST03097",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
        },
        {
          "name": "20140607 Re: More OpenSSL issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Jun/38"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
        },
        {
          "name": "59135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "58759",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58759"
        },
        {
          "name": "59093",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59093"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
        },
        {
          "name": "59192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59192"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "58579",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58579"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf"
        },
        {
          "name": "59040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59040"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "59175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59175"
        },
        {
          "name": "60819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60819"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
        },
        {
          "name": "58128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58128"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "name": "HPSBHF03145",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "name": "RHSA-2014:0680",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0680.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "name": "59012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59012"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "59362",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59362"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "HPSBMU03070",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
        },
        {
          "name": "RHSA-2014:0631",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0631.html"
        },
        {
          "name": "59338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59338"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "VU#978508",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/978508"
        },
        {
          "name": "1031032",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031032"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "59491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59491"
        },
        {
          "name": "59364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59364"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
        },
        {
          "name": "59451",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59451"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "name": "59459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59459"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
        },
        {
          "name": "60577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60577"
        },
        {
          "name": "59448",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59448"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "name": "HPSBST03103",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690"
        },
        {
          "name": "59885",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "59202",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59202"
        },
        {
          "name": "RHSA-2014:0633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0633.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678"
        },
        {
          "name": "59375",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59375"
        },
        {
          "name": "HPSBMU03083",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
        },
        {
          "name": "59528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59528"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59518",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59518"
        },
        {
          "name": "59389",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59389"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "name": "59916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "HPSBMU03065",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
        },
        {
          "name": "IT02314",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT02314"
        },
        {
          "name": "59043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59043"
        },
        {
          "name": "59347",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59347"
        },
        {
          "name": "60049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0224",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "59525",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59525"
            },
            {
              "name": "HPSBMU03071",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
            },
            {
              "name": "59004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59004"
            },
            {
              "name": "59530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59530"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
            },
            {
              "name": "59824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59824"
            },
            {
              "name": "59282",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59282"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015300",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
            },
            {
              "name": "59215",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59215"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
            },
            {
              "name": "59990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59990"
            },
            {
              "name": "59264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59264"
            },
            {
              "name": "59454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59454"
            },
            {
              "name": "58492",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58492"
            },
            {
              "name": "59186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59186"
            },
            {
              "name": "59188",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59188"
            },
            {
              "name": "59126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59126"
            },
            {
              "name": "HPSBMU03078",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
            },
            {
              "name": "HPSBMU03089",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015264",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
            },
            {
              "name": "59306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59306"
            },
            {
              "name": "RHSA-2014:0627",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0627.html"
            },
            {
              "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
              "refsource": "CONFIRM",
              "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
            },
            {
              "name": "HPSBGN03068",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
            },
            {
              "name": "RHSA-2014:0626",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0626.html"
            },
            {
              "name": "59190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59190"
            },
            {
              "name": "58639",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58639"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676877",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
            },
            {
              "name": "59446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59446"
            },
            {
              "name": "59529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59529"
            },
            {
              "name": "59445",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59445"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "59589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59589"
            },
            {
              "name": "59894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59894"
            },
            {
              "name": "59325",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59325"
            },
            {
              "name": "59354",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59354"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
            },
            {
              "name": "HPSBUX03046",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "61254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61254"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
            },
            {
              "name": "59447",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59447"
            },
            {
              "name": "1031594",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031594"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "59223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59223"
            },
            {
              "name": "58743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58743"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "58719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58719"
            },
            {
              "name": "59449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59449"
            },
            {
              "name": "59132",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59132"
            },
            {
              "name": "SSRT101818",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "HPSBST03098",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
            },
            {
              "name": "HPSBMU03058",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
            },
            {
              "name": "59442",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59442"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "HPSBOV03047",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
            },
            {
              "name": "HPSBST03195",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "59441",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59441"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
            },
            {
              "name": "HPSBMU03094",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
            },
            {
              "name": "https://filezilla-project.org/versions.php?type=server",
              "refsource": "CONFIRM",
              "url": "https://filezilla-project.org/versions.php?type=server"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
            },
            {
              "name": "60567",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60567"
            },
            {
              "name": "59189",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59189"
            },
            {
              "name": "59368",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59368"
            },
            {
              "name": "MDVSA-2014:106",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
            },
            {
              "name": "59142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59142"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
            },
            {
              "name": "58742",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58742"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670"
            },
            {
              "name": "RHSA-2014:0624",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0624.html"
            },
            {
              "name": "59602",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59602"
            },
            {
              "name": "http://www.kerio.com/support/kerio-control/release-history",
              "refsource": "CONFIRM",
              "url": "http://www.kerio.com/support/kerio-control/release-history"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "58930",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58930"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
            },
            {
              "name": "61815",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61815"
            },
            {
              "name": "58667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58667"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
            },
            {
              "name": "59191",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59191"
            },
            {
              "name": "59284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59284"
            },
            {
              "name": "59444",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59444"
            },
            {
              "name": "https://www.imperialviolet.org/2014/06/05/earlyccs.html",
              "refsource": "MISC",
              "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "59365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59365"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "59305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59305"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
            },
            {
              "name": "59483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59483"
            },
            {
              "name": "58385",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58385"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "59495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59495"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "58945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58945"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "HPSBST03106",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
            },
            {
              "name": "59659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59659"
            },
            {
              "name": "59440",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59440"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "59429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59429"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "59370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59370"
            },
            {
              "name": "59827",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59827"
            },
            {
              "name": "58660",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58660"
            },
            {
              "name": "59163",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59163"
            },
            {
              "name": "58716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58716"
            },
            {
              "name": "59055",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59055"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "60176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60176"
            },
            {
              "name": "HPSBPI03107",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
            },
            {
              "name": "59101",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59101"
            },
            {
              "name": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx",
              "refsource": "CONFIRM",
              "url": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx"
            },
            {
              "name": "59374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59374"
            },
            {
              "name": "59063",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59063"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "https://discussions.nessus.org/thread/7517",
              "refsource": "CONFIRM",
              "url": "https://discussions.nessus.org/thread/7517"
            },
            {
              "name": "59310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59310"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
            },
            {
              "name": "HPSBMU03216",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
            },
            {
              "name": "IV61506",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506"
            },
            {
              "name": "59502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59502"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAM2D",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAM2D"
            },
            {
              "name": "59878",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59878"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "HPSBMU03101",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676793",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
            },
            {
              "name": "59214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59214"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBHF03088",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "59167",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59167"
            },
            {
              "name": "59120",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59120"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172"
            },
            {
              "name": "HPSBMU03053",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
            },
            {
              "name": "59380",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59380"
            },
            {
              "name": "MDVSA-2014:105",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
            },
            {
              "name": "59460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59460"
            },
            {
              "name": "59506",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59506"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "SSRT101590",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "59661",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59661"
            },
            {
              "name": "59514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59514"
            },
            {
              "name": "59677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59677"
            },
            {
              "name": "RHSA-2014:0630",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0630.html"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
            },
            {
              "name": "RHSA-2014:0632",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0632.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
            },
            {
              "name": "58745",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58745"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
            },
            {
              "name": "58714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58714"
            },
            {
              "name": "HPSBGN03050",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2015:0229",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
            },
            {
              "name": "http://ccsinjection.lepidum.co.jp",
              "refsource": "MISC",
              "url": "http://ccsinjection.lepidum.co.jp"
            },
            {
              "name": "59435",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59435"
            },
            {
              "name": "HPSBHF03052",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "58615",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58615"
            },
            {
              "name": "HPSBST03265",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
            },
            {
              "name": "59231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59231"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "59211",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59211"
            },
            {
              "name": "58433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58433"
            },
            {
              "name": "60066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60066"
            },
            {
              "name": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html",
              "refsource": "CONFIRM",
              "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
            },
            {
              "name": "https://access.redhat.com/site/blogs/766093/posts/908133",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "60522",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60522"
            },
            {
              "name": "59784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59784"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBST03097",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
            },
            {
              "name": "20140607 Re: More OpenSSL issues",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Jun/38"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
            },
            {
              "name": "59135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59135"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "58759",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58759"
            },
            {
              "name": "59093",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59093"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2014-0224",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
            },
            {
              "name": "59192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59192"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "58579",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58579"
            },
            {
              "name": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf"
            },
            {
              "name": "59040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59040"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "59175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59175"
            },
            {
              "name": "60819",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60819"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
            },
            {
              "name": "58128",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58128"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "HPSBHF03145",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "RHSA-2014:0680",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0680.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "59012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59012"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "59362",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59362"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "HPSBMU03070",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
            },
            {
              "name": "RHSA-2014:0631",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0631.html"
            },
            {
              "name": "59338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59338"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "VU#978508",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/978508"
            },
            {
              "name": "1031032",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031032"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "59491",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59491"
            },
            {
              "name": "59364",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59364"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
            },
            {
              "name": "59451",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59451"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
            },
            {
              "name": "60571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60571"
            },
            {
              "name": "59459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59459"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
            },
            {
              "name": "60577",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60577"
            },
            {
              "name": "59448",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59448"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
            },
            {
              "name": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "HPSBST03103",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690"
            },
            {
              "name": "59885",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59885"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "59202",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59202"
            },
            {
              "name": "RHSA-2014:0633",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0633.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678"
            },
            {
              "name": "59375",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59375"
            },
            {
              "name": "HPSBMU03083",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
            },
            {
              "name": "59528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59528"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59518",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59518"
            },
            {
              "name": "59389",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59389"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "59383",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59383"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "59916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59916"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "HPSBMU03065",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
            },
            {
              "name": "IT02314",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT02314"
            },
            {
              "name": "59043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59043"
            },
            {
              "name": "59347",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59347"
            },
            {
              "name": "60049",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60049"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0224",
    "datePublished": "2014-06-05T21:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-4807
Vulnerability from cvelistv5
Published
2023-09-08 11:01
Modified
2024-08-02 07:38
Severity
Summary
POLY1305 MAC implementation corrupts XMM registers on Windows
References
URLTags
https://www.openssl.org/news/secadv/20230908.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ffpatch
https://security.netapp.com/advisory/ntap-20230921-0001/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230908.txt"
          },
          {
            "name": "3.1.3 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5"
          },
          {
            "name": "3.0.11 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508"
          },
          {
            "name": "1.1.1w git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230921-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.3",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.11",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1w",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Zach Wilson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bernd Edlinger"
        }
      ],
      "datePublic": "2023-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications on the\u003cbr\u003eWindows 64 platform when running on newer X86_64 processors supporting the\u003cbr\u003eAVX512-IFMA instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If in an application that uses the OpenSSL library an attacker\u003cbr\u003ecan influence whether the POLY1305 MAC algorithm is used, the application\u003cbr\u003estate might be corrupted with various application dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\u003cbr\u003enot save the contents of non-volatile XMM registers on Windows 64 platform\u003cbr\u003ewhen calculating the MAC of data larger than 64 bytes. Before returning to\u003cbr\u003ethe caller all the XMM registers are set to zero rather than restoring their\u003cbr\u003eprevious content. The vulnerable code is used only on newer x86_64 processors\u003cbr\u003esupporting the AVX512-IFMA instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However given the contents of the registers are just zeroized so\u003cbr\u003ethe attacker cannot put arbitrary values inside, the most likely consequence,\u003cbr\u003eif any, would be an incorrect result of some application dependent\u003cbr\u003ecalculations or a crash leading to a denial of service.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\u003cbr\u003ecipher is used by the server. This implies that server applications using\u003cbr\u003eOpenSSL can be potentially impacted. However we are currently not aware of\u003cbr\u003eany concrete application that would be affected by this issue therefore we\u003cbr\u003econsider this a Low severity security issue.\u003cbr\u003e\u003cbr\u003eAs a workaround the AVX512-IFMA instructions support can be disabled at\u003cbr\u003eruntime by setting the environment variable OPENSSL_ia32cap:\u003cbr\u003e\u003cbr\u003e   OPENSSL_ia32cap=:~0x200000\u003cbr\u003e\u003cbr\u003eThe FIPS provider is not affected by this issue."
            }
          ],
          "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n   OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Passing Mutable Objects to an Untrusted Method",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T07:21:22.295Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230908.txt"
        },
        {
          "name": "3.1.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5"
        },
        {
          "name": "3.0.11 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508"
        },
        {
          "name": "1.1.1w git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230921-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "POLY1305 MAC implementation corrupts XMM registers on Windows",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-4807",
    "datePublished": "2023-09-08T11:01:53.663Z",
    "dateReserved": "2023-09-06T16:32:29.871Z",
    "dateUpdated": "2024-08-02T07:38:00.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3569
Vulnerability from cvelistv5
Published
2014-12-24 11:00
Modified
2024-08-06 10:50
Severity
Summary
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
References
URLTags
http://www.securityfocus.com/bid/71934vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2014-3569x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2bx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04dx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guestx_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "71934",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71934"
          },
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "71934",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71934"
        },
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "71934",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71934"
            },
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html",
              "refsource": "CONFIRM",
              "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2014-3569",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3569",
    "datePublished": "2014-12-24T11:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-8610
Vulnerability from cvelistv5
Published
2017-11-13 22:00
Modified
2024-08-06 02:27
Severity
Summary
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
URLTags
http://www.securityfocus.com/bid/93841vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-1659.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1658vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1801vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0286.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1413vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2494vendor-advisory, x_refsource_REDHAT
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://access.redhat.com/errata/RHSA-2017:1414vendor-advisory, x_refsource_REDHAT
http://seclists.org/oss-sec/2016/q4/224mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2017-0574.htmlvendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-3773vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-1415.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037084vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1802vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2493vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20171130-0001/x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401x_refsource_CONFIRM
https://security.360.cn/cve/CVE-2016-8610/x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_usx_refsource_CONFIRM
https://security.paloaltonetworks.com/CVE-2016-8610x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:40.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93841",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93841"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "name": "RHSA-2017:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "FreeBSD-SA-16:35",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2016/q4/224"
          },
          {
            "name": "RHSA-2017:0574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "name": "1037084",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037084"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.360.cn/cve/CVE-2016-8610/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "All 0.9.8"
            },
            {
              "status": "affected",
              "version": "All 1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2 through 1.0.2h"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2016-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "93841",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93841"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "name": "RHSA-2017:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "FreeBSD-SA-16:35",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2016/q4/224"
        },
        {
          "name": "RHSA-2017:0574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3773"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "name": "1037084",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037084"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.360.cn/cve/CVE-2016-8610/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8610",
    "datePublished": "2017-11-13T22:00:00Z",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:40.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3733
Vulnerability from cvelistv5
Published
2017-05-04 19:00
Modified
2024-09-16 16:18
Severity
Summary
Encrypt-Then-Mac renegotiation crash
References
URLTags
http://www.securityfocus.com/bid/96269vdb-entry, x_refsource_BID
https://www.openssl.org/news/secadv/20170216.txtx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_usx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2x_refsource_MISC
http://www.securitytracker.com/id/1037846vdb-entry, x_refsource_SECTRACK
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96269"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170216.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
          },
          {
            "name": "1037846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037846"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0c"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0d"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joe Orton (Red Hat)"
        }
      ],
      "datePublic": "2017-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "protocol error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:15",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "96269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96269"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20170216.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
        },
        {
          "name": "1037846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037846"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "title": "Encrypt-Then-Mac renegotiation crash",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-02-16",
          "ID": "CVE-2017-3733",
          "STATE": "PUBLIC",
          "TITLE": "Encrypt-Then-Mac renegotiation crash"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          },
                          {
                            "version_value": "openssl-1.1.0c"
                          },
                          {
                            "version_value": "openssl-1.1.0d"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Joe Orton (Red Hat)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#High",
            "value": "High"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "protocol error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96269"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20170216.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20170216.txt"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
            },
            {
              "name": "1037846",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037846"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3733",
    "datePublished": "2017-05-04T19:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:18:03.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3737
Vulnerability from cvelistv5
Published
2017-12-07 00:00
Modified
2024-08-05 14:39
Severity
Summary
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dcx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180419-0002/x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://security.gentoo.org/glsa/201712-03vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1039978vdb-entry, x_refsource_SECTRACK
https://www.openssl.org/news/secadv/20171207.txtx_refsource_CONFIRM
https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:0998vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4065vendor-advisory, x_refsource_DEBIAN
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfx_refsource_CONFIRM
http://www.securityfocus.com/bid/102103vdb-entry, x_refsource_BID
https://www.tenable.com/security/tns-2017-16x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180117-0002/x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171208-0001/x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSL Software FoundationOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
          },
          {
            "name": "FreeBSD-SA-17:12",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "1039978",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039978"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171207.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/"
          },
          {
            "name": "RHSA-2018:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "DSA-4065",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
          },
          {
            "name": "102103",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-16"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.2b-1.0.2m"
            }
          ]
        }
      ],
      "datePublic": "2017-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated read/unencrypted write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-23T22:31:33",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
        },
        {
          "name": "FreeBSD-SA-17:12",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "1039978",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039978"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20171207.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/"
        },
        {
          "name": "RHSA-2018:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "DSA-4065",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
        },
        {
          "name": "102103",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-16"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-12-07T00:00:00",
          "ID": "CVE-2017-3737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.2b-1.0.2m"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated read/unencrypted write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
            },
            {
              "name": "FreeBSD-SA-17:12",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
            },
            {
              "name": "GLSA-201712-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201712-03"
            },
            {
              "name": "1039978",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039978"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20171207.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20171207.txt"
            },
            {
              "name": "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/",
              "refsource": "MISC",
              "url": "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/"
            },
            {
              "name": "RHSA-2018:0998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0998"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "DSA-4065",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4065"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
            },
            {
              "name": "102103",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102103"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-16"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171208-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3737",
    "datePublished": "2017-12-07T00:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-05T14:39:40.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3996
Vulnerability from cvelistv5
Published
2022-12-13 15:43
Modified
2024-08-03 01:27
Severity
Summary
X.509 Policy Constraints Double Locking
References
URLTags
https://www.openssl.org/news/secadv/20221213.txtvendor-advisory
https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7patch
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:54.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230203-0003/"
          },
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20221213.txt"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.0.7",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ontap_9",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fas\\/aff_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "management_services_for_element_software",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "altavault_ost_plug-in",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hci_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smi-s_provider",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-3996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T21:11:25.058550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:41.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThanOrEqual": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Polar Bear"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Paul Dale"
        }
      ],
      "datePublic": "2022-12-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If an X.509 certificate contains a malformed policy constraint and\u003cbr\u003epolicy processing is enabled, then a write lock will be taken twice\u003cbr\u003erecursively.  On some operating systems (most widely: Windows) this\u003cbr\u003eresults in a denial of service when the affected process hangs.  Policy\u003cbr\u003eprocessing being enabled on a publicly facing server is not considered\u003cbr\u003eto be a common setup.\u003cbr\u003e\u003cbr\u003ePolicy processing is enabled by passing the `-policy\u0027\u003cbr\u003eargument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function.\u003cbr\u003e\u003cbr\u003eUpdate (31 March 2023): The description of the policy processing enablement\u003cbr\u003ewas corrected based on CVE-2023-0466."
            }
          ],
          "value": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively.  On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs.  Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy\u0027\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html#low"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667 Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T09:50:45.685Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20221213.txt"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.509 Policy Constraints Double Locking",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-3996",
    "datePublished": "2022-12-13T15:43:06.821Z",
    "dateReserved": "2022-11-15T11:47:05.740Z",
    "dateUpdated": "2024-08-03T01:27:54.475Z",
    "requesterUserId": "b0d835d1-bcd6-467d-a017-37d7df925f4b",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7055
Vulnerability from cvelistv5
Published
2017-05-04 20:00
Modified
2024-08-06 01:50
Severity
Summary
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_usx_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2017-04x_refsource_CONFIRM
https://security.gentoo.org/glsa/201702-07vendor-advisory, x_refsource_GENTOO
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/94242vdb-entry, x_refsource_BID
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://www.openssl.org/news/secadv/20161110.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1037261vdb-entry, x_refsource_SECTRACK
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:46.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
          },
          {
            "name": "FreeBSD-SA-17:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "GLSA-201702-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "94242",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20161110.txt"
          },
          {
            "name": "1037261",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037261"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
        },
        {
          "name": "FreeBSD-SA-17:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "GLSA-201702-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "94242",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20161110.txt"
        },
        {
          "name": "1037261",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037261"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
            },
            {
              "name": "FreeBSD-SA-17:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "GLSA-201702-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-07"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "94242",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94242"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03752en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20161110.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20161110.txt"
            },
            {
              "name": "1037261",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037261"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7055",
    "datePublished": "2017-05-04T20:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:46.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0287
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://support.apple.com/HT205212
http://www.securityfocus.com/bid/73227vdb-entry
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
https://support.apple.com/HT205267
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlvendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202380
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205212"
          },
          {
            "name": "73227",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73227"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-09-16-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202380"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://support.apple.com/HT205212"
        },
        {
          "name": "73227",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73227"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-09-16-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202380"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0287",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0798
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity
Summary
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
References
URLTags
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2914-1vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
http://www.securityfocus.com/bid/83705vdb-entry
http://www.debian.org/security/2016/dsa-3500vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:05.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "83705",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83705"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "83705",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83705"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0798",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:05.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0740
Vulnerability from cvelistv5
Published
2010-03-26 18:00
Modified
2024-08-07 00:59
Severity
Summary
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
References
URLTags
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT4723x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127557640302499&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.openssl.org/news/secadv_20100324.txtx_refsource_CONFIRM
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/0710vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0839vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=127557640302499&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1023748vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/39932third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0933vdb-entry, x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/43311third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1216vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlvendor-advisory, x_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.ascx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "HPSBUX02531",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20100324.txt"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "ADV-2010-0710",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0710"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "name": "SSRT100108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "1023748",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023748"
          },
          {
            "name": "39932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "oval:org.mitre.oval:def:11731",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "43311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43311"
          },
          {
            "name": "ADV-2010-1216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "HPSBUX02531",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20100324.txt"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "ADV-2010-0710",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0710"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "name": "SSRT100108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "1023748",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023748"
        },
        {
          "name": "39932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39932"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "oval:org.mitre.oval:def:11731",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "43311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43311"
        },
        {
          "name": "ADV-2010-1216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1216"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0740",
    "datePublished": "2010-03-26T18:00:00",
    "dateReserved": "2010-02-26T00:00:00",
    "dateUpdated": "2024-08-07T00:59:39.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0208
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.
References
URLTags
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b22cce3812052fe64fc3f6d58d8cc884e3cb834
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202369
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.securityfocus.com/bid/73230vdb-entry
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b22cce3812052fe64fc3f6d58d8cc884e3cb834"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "name": "73230",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73230"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b22cce3812052fe64fc3f6d58d8cc884e3cb834"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "name": "73230",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73230"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0208",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3450
Vulnerability from cvelistv5
Published
2021-03-25 00:00
Modified
2024-08-03 16:53
Severity
Summary
CA certificate check bypass with X509_V_FLAG_X509_STRICT
References
URLTags
https://www.openssl.org/news/secadv/20210325.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63bx_refsource_CONFIRM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJdvendor-advisory, x_refsource_CISCO
http://www.openwall.com/lists/oss-security/2021/03/27/1mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/27/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/28/3mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/28/4mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202103-03vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-09x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20210326-0006/x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.ascx_refsource_MISC
https://www.tenable.com/security/tns-2021-05x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10356x_refsource_CONFIRM
https://www.tenable.com/security/tns-2021-08x_refsource_CONFIRM
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845x_refsource_CONFIRM
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210325.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
          },
          {
            "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
          },
          {
            "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
          },
          {
            "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
          },
          {
            "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
          },
          {
            "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
          },
          {
            "name": "GLSA-202103-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202103-03"
          },
          {
            "name": "FEDORA-2021-cbf14ab8f9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-08"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
        }
      ],
      "datePublic": "2021-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Invalid Certificate Verification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:35:11",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20210325.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
        },
        {
          "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
        },
        {
          "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
        },
        {
          "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
        },
        {
          "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
        },
        {
          "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
        },
        {
          "name": "GLSA-202103-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202103-03"
        },
        {
          "name": "FEDORA-2021-cbf14ab8f9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-08"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "title": "CA certificate check bypass with X509_V_FLAG_X509_STRICT",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2021-03-25",
          "ID": "CVE-2021-3450",
          "STATE": "PUBLIC",
          "TITLE": "CA certificate check bypass with X509_V_FLAG_X509_STRICT"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#High",
            "value": "High"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Invalid Certificate Verification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv/20210325.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20210325.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
            },
            {
              "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
            },
            {
              "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
            },
            {
              "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
            },
            {
              "name": "GLSA-202103-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202103-03"
            },
            {
              "name": "FEDORA-2021-cbf14ab8f9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-09",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-09"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210326-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
            },
            {
              "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
              "refsource": "MISC",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-05",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-05"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-08",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-08"
            },
            {
              "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
              "refsource": "MISC",
              "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3450",
    "datePublished": "2021-03-25T00:00:00",
    "dateReserved": "2021-03-19T00:00:00",
    "dateUpdated": "2024-08-03T16:53:17.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1549
Vulnerability from cvelistv5
Published
2019-09-10 00:00
Modified
2024-08-04 18:20
Severity
Summary
Fork Protection
References
URLTags
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/vendor-advisory, x_refsource_FEDORA
https://seclists.org/bugtraq/2019/Oct/1mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4539vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4376-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.openssl.org/news/secadv/20190910.txtx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190919-0002/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1bex_refsource_CONFIRM
https://support.f5.com/csp/article/K44070243x_refsource_CONFIRM
https://support.f5.com/csp/article/K44070243?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-d15aac6c4e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
          },
          {
            "name": "FEDORA-2019-d51641f152",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/1"
          },
          {
            "name": "DSA-4539",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4539"
          },
          {
            "name": "USN-4376-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190910.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K44070243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2019-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Random Number Generation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:59",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "FEDORA-2019-d15aac6c4e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
        },
        {
          "name": "FEDORA-2019-d51641f152",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/1"
        },
        {
          "name": "DSA-4539",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4539"
        },
        {
          "name": "USN-4376-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190910.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K44070243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "title": "Fork Protection",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-09-10",
          "ID": "CVE-2019-1549",
          "STATE": "PUBLIC",
          "TITLE": "Fork Protection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Matt Caswell"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Random Number Generation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2019-d15aac6c4e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
            },
            {
              "name": "FEDORA-2019-d51641f152",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
            },
            {
              "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/1"
            },
            {
              "name": "DSA-4539",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4539"
            },
            {
              "name": "USN-4376-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190910.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190910.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190919-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
            },
            {
              "name": "https://support.f5.com/csp/article/K44070243",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K44070243"
            },
            {
              "name": "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1549",
    "datePublished": "2019-09-10T00:00:00",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-08-04T18:20:27.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3506
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
References
URLTags
http://rhn.redhat.com/errata/RHSA-2014-1297.htmlvendor-advisory, x_refsource_REDHAT
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/60778third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1127500x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1256.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61040third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61250third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/69076vdb-entry, x_refsource_BID
http://secunia.com/advisories/60824third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.htmlx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141077370928502&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/95160vdb-entry, x_refsource_XF
http://secunia.com/advisories/60687third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:1297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636"
          },
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "60778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60778"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "RHSA-2014:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61040"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "61250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "69076",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69076"
          },
          {
            "name": "60824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60824"
          },
          {
            "name": "HPSBUX03095",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "59743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59743"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "HPSBOV03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
          },
          {
            "name": "59221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "SSRT101674",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "openssl-cve20143506-dos(95160)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
          },
          {
            "name": "60687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60687"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:1297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636"
        },
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "60778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60778"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "RHSA-2014:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61040"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "61250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "69076",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69076"
        },
        {
          "name": "60824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60824"
        },
        {
          "name": "HPSBUX03095",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "59743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59743"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "HPSBOV03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
        },
        {
          "name": "59221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "SSRT101674",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "openssl-cve20143506-dos(95160)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
        },
        {
          "name": "60687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60687"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:1297",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636"
            },
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "60778",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60778"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "RHSA-2014:1256",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61040"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "61250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61250"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "69076",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69076"
            },
            {
              "name": "60824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60824"
            },
            {
              "name": "HPSBUX03095",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "59743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59743"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "HPSBOV03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
            },
            {
              "name": "59221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "SSRT101674",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "openssl-cve20143506-dos(95160)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
            },
            {
              "name": "60687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60687"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3506",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3738
Vulnerability from cvelistv5
Published
2017-12-07 16:00
Modified
2024-09-16 18:34
Severity
Summary
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
References
URLTags
https://www.tenable.com/security/tns-2018-07x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://security.gentoo.org/glsa/201712-03vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1039978vdb-entry, x_refsource_SECTRACK
https://www.debian.org/security/2018/dsa-4157vendor-advisory, x_refsource_DEBIAN
https://www.openssl.org/news/secadv/20171207.txtx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0998vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11ax_refsource_MISC
https://www.tenable.com/security/tns-2018-06x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4065vendor-advisory, x_refsource_DEBIAN
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/102118vdb-entry, x_refsource_BID
https://www.tenable.com/security/tns-2017-16x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txtx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20171208-0001/x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSL Software FoundationOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-04"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "FreeBSD-SA-17:12",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "1039978",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039978"
          },
          {
            "name": "DSA-4157",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171207.txt"
          },
          {
            "name": "RHSA-2018:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-06"
          },
          {
            "name": "DSA-4065",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "102118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180327.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.2-1.02m"
            },
            {
              "status": "affected",
              "version": "1.1.0-1.1.0g"
            }
          ]
        }
      ],
      "datePublic": "2017-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-23T22:31:33",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-04"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "FreeBSD-SA-17:12",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "1039978",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039978"
        },
        {
          "name": "DSA-4157",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20171207.txt"
        },
        {
          "name": "RHSA-2018:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-06"
        },
        {
          "name": "DSA-4065",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "102118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180327.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-12-07T00:00:00",
          "ID": "CVE-2017-3738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.2-1.02m"
                          },
                          {
                            "version_value": "1.1.0-1.1.0g"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "carry-propagating bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2018-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-07"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-04"
            },
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "FreeBSD-SA-17:12",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
            },
            {
              "name": "GLSA-201712-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201712-03"
            },
            {
              "name": "1039978",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039978"
            },
            {
              "name": "DSA-4157",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4157"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20171207.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20171207.txt"
            },
            {
              "name": "RHSA-2018:0998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0998"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-06",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-06"
            },
            {
              "name": "DSA-4065",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4065"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "102118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102118"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-16"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180327.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180327.txt"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171208-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3738",
    "datePublished": "2017-12-07T16:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T18:34:25.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0659
Vulnerability from cvelistv5
Published
2002-07-31 04:00
Modified
2024-08-08 02:56
Severity
Summary
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
References
URLTags
http://rhn.redhat.com/errata/RHSA-2002-164.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2002-161.htmlvendor-advisory, x_refsource_REDHAT
http://www.kb.cert.org/vuls/id/748355third-party-advisory, x_refsource_CERT-VN
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txtvendor-advisory, x_refsource_CALDERA
http://www.cert.org/advisories/CA-2002-23.htmlthird-party-advisory, x_refsource_CERT
http://rhn.redhat.com/errata/RHSA-2002-160.htmlvendor-advisory, x_refsource_REDHAT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txtvendor-advisory, x_refsource_CALDERA
http://www.iss.net/security_center/static/9718.phpvdb-entry, x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516vendor-advisory, x_refsource_CONECTIVA
http://www.securityfocus.com/bid/5366vdb-entry, x_refsource_BID
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.ascvendor-advisory, x_refsource_FREEBSD
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2002:164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
          },
          {
            "name": "RHSA-2002:161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
          },
          {
            "name": "VU#748355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/748355"
          },
          {
            "name": "CSSA-2002-033.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
          },
          {
            "name": "CA-2002-23",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-23.html"
          },
          {
            "name": "RHSA-2002:160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
          },
          {
            "name": "CSSA-2002-033.1",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
          },
          {
            "name": "openssl-asn1-parser-dos(9718)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9718.php"
          },
          {
            "name": "CLA-2002:516",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
          },
          {
            "name": "5366",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5366"
          },
          {
            "name": "FreeBSD-SA-02:33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-08-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2002:164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
        },
        {
          "name": "RHSA-2002:161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
        },
        {
          "name": "VU#748355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/748355"
        },
        {
          "name": "CSSA-2002-033.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
        },
        {
          "name": "CA-2002-23",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-23.html"
        },
        {
          "name": "RHSA-2002:160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
        },
        {
          "name": "CSSA-2002-033.1",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
        },
        {
          "name": "openssl-asn1-parser-dos(9718)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9718.php"
        },
        {
          "name": "CLA-2002:516",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
        },
        {
          "name": "5366",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5366"
        },
        {
          "name": "FreeBSD-SA-02:33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2002:164",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-164.html"
            },
            {
              "name": "RHSA-2002:161",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-161.html"
            },
            {
              "name": "VU#748355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/748355"
            },
            {
              "name": "CSSA-2002-033.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
            },
            {
              "name": "CA-2002-23",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-23.html"
            },
            {
              "name": "RHSA-2002:160",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-160.html"
            },
            {
              "name": "CSSA-2002-033.1",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
            },
            {
              "name": "openssl-asn1-parser-dos(9718)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9718.php"
            },
            {
              "name": "CLA-2002:516",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
            },
            {
              "name": "5366",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5366"
            },
            {
              "name": "FreeBSD-SA-02:33",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0659",
    "datePublished": "2002-07-31T04:00:00",
    "dateReserved": "2002-07-02T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6306
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
URLTags
https://www.tenable.com/security/tns-2016-20
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory
http://www.securityfocus.com/bid/93153vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.securitytracker.com/id/1036885vdb-entry
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
https://bto.bluecoat.com/security-advisory/sa132
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
https://support.f5.com/csp/article/K90492697
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://www.openssl.org/news/secadv/20160922.txt
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "name": "93153",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93153"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K90492697"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "name": "93153",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93153"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "url": "https://support.f5.com/csp/article/K90492697"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6306",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3193
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 05:39
Severity
Summary
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
References
URLTags
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslvendor-advisory
https://kb.isc.org/article/AA-01438
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.ubuntu.com/usn/USN-2830-1vendor-advisory
http://www.securityfocus.com/bid/78705vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=1288317
http://openssl.org/news/secadv/20151203.txt
http://www.securitytracker.com/id/1034294vdb-entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72
http://fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "name": "SSA:2015-349-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.539966"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "78705",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78705"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288317"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "name": "SSA:2015-349-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.539966"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "78705",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78705"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288317"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3193",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3736
Vulnerability from cvelistv5
Published
2017-11-02 00:00
Modified
2024-08-05 14:39
Severity
Summary
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
References
URLTags
https://security.netapp.com/advisory/ntap-20171107-0002/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory, x_refsource_REDHAT
https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2713vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4018vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201712-03vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2018:0998vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2575vendor-advisory, x_refsource_REDHAT
https://www.tenable.com/security/tns-2017-15x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/101666vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2568vendor-advisory, x_refsource_REDHAT
https://www.openssl.org/news/secadv/20171102.txtx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4017vendor-advisory, x_refsource_DEBIAN
https://www.tenable.com/security/tns-2017-14x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.securitytracker.com/id/1039727vdb-entry, x_refsource_SECTRACK
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180117-0002/x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSL Software FoundationOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:39.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2018:2713",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "DSA-4018",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4018"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "RHSA-2018:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0998"
          },
          {
            "name": "RHSA-2018:2575",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2575"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "101666",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101666"
          },
          {
            "name": "RHSA-2018:2568",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2568"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171102.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "DSA-4017",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-14"
          },
          {
            "name": "FreeBSD-SA-17:11",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
          },
          {
            "name": "1039727",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039727"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0 - 1.1.0f"
            },
            {
              "status": "affected",
              "version": "1.0.2 - 1.0.2l"
            }
          ]
        }
      ],
      "datePublic": "2017-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-23T22:31:33",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2018:2713",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "DSA-4018",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4018"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "RHSA-2018:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0998"
        },
        {
          "name": "RHSA-2018:2575",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2575"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "101666",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101666"
        },
        {
          "name": "RHSA-2018:2568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2568"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20171102.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "DSA-4017",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-14"
        },
        {
          "name": "FreeBSD-SA-17:11",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
        },
        {
          "name": "1039727",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039727"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-11-02T00:00:00",
          "ID": "CVE-2017-3736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.1.0 - 1.1.0f"
                          },
                          {
                            "version_value": "1.0.2 - 1.0.2l"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "carry-propagating bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20171107-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
            },
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "RHSA-2018:2713",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2713"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "DSA-4018",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4018"
            },
            {
              "name": "GLSA-201712-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201712-03"
            },
            {
              "name": "RHSA-2018:0998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0998"
            },
            {
              "name": "RHSA-2018:2575",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2575"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-15",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-15"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "101666",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101666"
            },
            {
              "name": "RHSA-2018:2568",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2568"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20171102.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20171102.txt"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "DSA-4017",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4017"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-14"
            },
            {
              "name": "FreeBSD-SA-17:11",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
            },
            {
              "name": "1039727",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039727"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3736",
    "datePublished": "2017-11-02T00:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-05T14:39:39.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1968
Vulnerability from cvelistv5
Published
2020-09-09 00:00
Modified
2024-08-04 06:54
Severity
Summary
Raccoon attack
References
URLTags
https://www.openssl.org/news/secadv/20200909.txt
https://usn.ubuntu.com/4504-1/vendor-advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00016.htmlmailing-list
https://www.oracle.com/security-alerts/cpujan2021.html
https://security.netapp.com/advisory/ntap-20200911-0004/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.gentoo.org/glsa/202210-02vendor-advisory
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20200909.txt"
          },
          {
            "name": "USN-4504-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4504-1/"
          },
          {
            "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky"
        }
      ],
      "datePublic": "2020-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Protocol flaw",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-16T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20200909.txt"
        },
        {
          "name": "USN-4504-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4504-1/"
        },
        {
          "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        }
      ],
      "title": "Raccoon attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2020-1968",
    "datePublished": "2020-09-09T00:00:00",
    "dateReserved": "2019-12-03T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2274
Vulnerability from cvelistv5
Published
2022-06-09 00:00
Modified
2024-08-03 00:32
Severity
Summary
RSA implementation bug in AVX512IFMA instructions
References
URLTags
https://github.com/openssl/openssl/issues/18625x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20220705.txtx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20220715-0010/x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/issues/18625"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220705.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220715-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Affects OpenSSL 3.0.4"
            }
          ]
        }
      ],
      "datePublic": "2022-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#high",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-15T15:07:19",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/issues/18625"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20220705.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220715-0010/"
        }
      ],
      "title": "RSA implementation bug in AVX512IFMA instructions",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2022-06-09",
          "ID": "CVE-2022-2274",
          "STATE": "PUBLIC",
          "TITLE": "RSA implementation bug in AVX512IFMA instructions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Affects OpenSSL 3.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": ""
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#high",
            "value": "High"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openssl/openssl/issues/18625",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/issues/18625"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20220705.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20220705.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220715-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220715-0010/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-2274",
    "datePublished": "2022-06-09T00:00:00",
    "dateReserved": "2022-06-30T00:00:00",
    "dateUpdated": "2024-08-03T00:32:09.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0884
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 18:38
Severity
Summary
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.htmlvendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2012-0531.htmlvendor-advisory, x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
https://downloads.avaya.com/css/P8/documents/100162507x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
https://hermes.opensuse.org/messages/14330767vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/secadv_20120312.txtx_refsource_CONFIRM
http://secunia.com/advisories/48916third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0488.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2012/dsa-2454vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/48895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48580third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0426.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-4630",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.avaya.com/css/P8/documents/100162507"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "openSUSE-SU-2012:0547",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14330767"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120312.txt"
          },
          {
            "name": "48916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48916"
          },
          {
            "name": "RHSA-2012:0488",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48580"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "FEDORA-2012-4665",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "RHSA-2012:0426",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "FEDORA-2012-4659",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2012-4630",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.avaya.com/css/P8/documents/100162507"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "openSUSE-SU-2012:0547",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14330767"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120312.txt"
        },
        {
          "name": "48916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48916"
        },
        {
          "name": "RHSA-2012:0488",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "48580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48580"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "FEDORA-2012-4665",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "RHSA-2012:0426",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "FEDORA-2012-4659",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2012-4630",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "https://downloads.avaya.com/css/P8/documents/100162507",
              "refsource": "CONFIRM",
              "url": "https://downloads.avaya.com/css/P8/documents/100162507"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "openSUSE-SU-2012:0547",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14330767"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120312.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120312.txt"
            },
            {
              "name": "48916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48916"
            },
            {
              "name": "RHSA-2012:0488",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "48580",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48580"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "FEDORA-2012-4665",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "RHSA-2012:0426",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "FEDORA-2012-4659",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0884",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0737
Vulnerability from cvelistv5
Published
2018-04-16 00:00
Modified
2024-08-05 03:35
Severity
Summary
Cache timing vulnerability in RSA Key Generation
References
URLTags
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4355vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3628-2/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201811-21vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3692-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3505vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103766vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3692-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3221vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4348vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040685vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3628-1/vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3933vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3935vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3932vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2018-14x_refsource_CONFIRM
https://securityadvisories.paloaltonetworks.com/Home/Detail/133x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-13x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-17x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-12x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3fx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180416.txtx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180726-0003/x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "name": "USN-3628-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3628-2/"
          },
          {
            "name": "GLSA-201811-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-21"
          },
          {
            "name": "USN-3692-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3692-2/"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "103766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103766"
          },
          {
            "name": "USN-3692-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3692-1/"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "1040685",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040685"
          },
          {
            "name": "USN-3628-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3628-1/"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180416.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"
        }
      ],
      "datePublic": "2018-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:10",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "name": "USN-3628-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3628-2/"
        },
        {
          "name": "GLSA-201811-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-21"
        },
        {
          "name": "USN-3692-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3692-2/"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "103766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103766"
        },
        {
          "name": "USN-3692-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3692-1/"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "1040685",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040685"
        },
        {
          "name": "USN-3628-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3628-1/"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180416.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"
        }
      ],
      "title": "Cache timing vulnerability in RSA Key Generation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-04-16",
          "ID": "CVE-2018-0737",
          "STATE": "PUBLIC",
          "TITLE": "Cache timing vulnerability in RSA Key Generation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "USN-3628-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3628-2/"
            },
            {
              "name": "GLSA-201811-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-21"
            },
            {
              "name": "USN-3692-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3692-2/"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "103766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103766"
            },
            {
              "name": "USN-3692-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3692-1/"
            },
            {
              "name": "RHSA-2018:3221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3221"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "1040685",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040685"
            },
            {
              "name": "USN-3628-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3628-1/"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-14"
            },
            {
              "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
              "refsource": "CONFIRM",
              "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-13",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-13"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-12",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-12"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180416.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180416.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180726-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0737",
    "datePublished": "2018-04-16T00:00:00",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1971
Vulnerability from cvelistv5
Published
2020-12-08 00:00
Modified
2024-08-04 06:54
Severity
Summary
EDIPARTYNAME NULL pointer dereference
References
URLTags
https://www.openssl.org/news/secadv/20201208.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
https://www.debian.org/security/2020/dsa-4807vendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.ascvendor-advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/vendor-advisory
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3Emailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/vendor-advisory
https://security.gentoo.org/glsa/202012-13vendor-advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.tenable.com/security/tns-2020-11
https://security.netapp.com/advisory/ntap-20201218-0005/
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-10
https://www.tenable.com/security/tns-2021-09
https://security.netapp.com/advisory/ntap-20210513-0002/
https://www.oracle.com//security-alerts/cpujul2021.html
http://www.openwall.com/lists/oss-security/2021/09/14/2mailing-list
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20201208.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
          },
          {
            "name": "DSA-4807",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4807"
          },
          {
            "name": "FreeBSD-SA-20:33",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
          },
          {
            "name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
          },
          {
            "name": "FEDORA-2020-ef1870065a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
          },
          {
            "name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-a31b01e945",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
          },
          {
            "name": "GLSA-202012-13",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
          },
          {
            "name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "David Benjamin (Google)"
        }
      ],
      "datePublic": "2020-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:11.147749",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20201208.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
        },
        {
          "name": "DSA-4807",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4807"
        },
        {
          "name": "FreeBSD-SA-20:33",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
        },
        {
          "name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
        },
        {
          "name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
        },
        {
          "name": "FEDORA-2020-ef1870065a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
        },
        {
          "name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "FEDORA-2020-a31b01e945",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
        },
        {
          "name": "GLSA-202012-13",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202012-13"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2020-11"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
        },
        {
          "name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-10"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "EDIPARTYNAME NULL pointer dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2020-1971",
    "datePublished": "2020-12-08T00:00:00",
    "dateReserved": "2019-12-03T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1255
Vulnerability from cvelistv5
Published
2023-04-20 16:14
Modified
2024-08-02 05:40
Severity
Summary
Input buffer over-read in AES-XTS implementation on 64 bit ARM
References
URLTags
https://www.openssl.org/news/secadv/20230419.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074apatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bbpatch
https://security.netapp.com/advisory/ntap-20230908-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230419.txt"
          },
          {
            "name": "3.1.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a"
          },
          {
            "name": "3.0.9 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230908-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Anton Romanov (Amazon)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nevine Ebeid (Amazon)"
        }
      ],
      "datePublic": "2023-03-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\u003cbr\u003eplatform contains a bug that could cause it to read past the input buffer,\u003cbr\u003eleading to a crash.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\u003cbr\u003eplatform can crash in rare circumstances. The AES-XTS algorithm is usually\u003cbr\u003eused for disk encryption.\u003cbr\u003e\u003cbr\u003eThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\u003cbr\u003epast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\u003cbr\u003ebyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\u003cbr\u003ebuffer is unmapped, this will trigger a crash which results in a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eIf an attacker can control the size and location of the ciphertext buffer\u003cbr\u003ebeing decrypted by an application using AES-XTS on 64 bit ARM, the\u003cbr\u003eapplication is affected. This is fairly unlikely making this issue\u003cbr\u003ea Low severity one."
            }
          ],
          "value": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer over-read",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-21T08:18:31.231Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230419.txt"
        },
        {
          "name": "3.1.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a"
        },
        {
          "name": "3.0.9 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230908-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Input buffer over-read in AES-XTS implementation on 64 bit ARM",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-1255",
    "datePublished": "2023-04-20T16:14:54.707Z",
    "dateReserved": "2023-03-07T14:56:07.099Z",
    "dateUpdated": "2024-08-02T05:40:59.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3602
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 01:14
Severity
Summary
X.509 Email Address 4-byte Buffer Overflow
References
URLTags
https://www.openssl.org/news/secadv/20221101.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
http://www.openwall.com/lists/oss-security/2022/11/01/15mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/16mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2avendor-advisory
http://www.openwall.com/lists/oss-security/2022/11/01/21mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/19mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/18mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/20mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/24mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/17mailing-list
https://security.gentoo.org/glsa/202211-01vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
https://www.kb.cert.org/vuls/id/794340third-party-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/vendor-advisory
http://www.openwall.com/lists/oss-security/2022/11/02/2mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/6mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/5mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/1mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/3mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/7mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/10mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/9mailing-list
http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
http://www.openwall.com/lists/oss-security/2022/11/02/12mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/11mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/15mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/14mailing-list
http://www.openwall.com/lists/oss-security/2022/11/02/13mailing-list
https://security.netapp.com/advisory/ntap-20221102-0001/
http://www.openwall.com/lists/oss-security/2022/11/03/1mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/2mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/3mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/5mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/7mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/6mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/9mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/10mailing-list
http://www.openwall.com/lists/oss-security/2022/11/03/11mailing-list
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20221101.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
          },
          {
            "name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
          },
          {
            "name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
          },
          {
            "name": "GLSA-202211-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202211-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
          },
          {
            "name": "VU#794340",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/794340"
          },
          {
            "name": "FEDORA-2022-0f1d2e0537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
          },
          {
            "name": "FEDORA-2022-502f096dce",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
          },
          {
            "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
          },
          {
            "name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
          },
          {
            "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
          },
          {
            "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
          },
          {
            "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
          },
          {
            "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
          },
          {
            "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
          },
          {
            "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
          },
          {
            "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
          },
          {
            "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
          },
          {
            "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
          },
          {
            "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
          },
          {
            "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Polar Bear"
        }
      ],
      "datePublic": "2022-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#HIGH",
              "value": "HIGH"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-03T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20221101.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
        },
        {
          "name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
        },
        {
          "name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
        },
        {
          "name": "GLSA-202211-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202211-01"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
        },
        {
          "name": "VU#794340",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/794340"
        },
        {
          "name": "FEDORA-2022-0f1d2e0537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
        },
        {
          "name": "FEDORA-2022-502f096dce",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
        },
        {
          "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
        },
        {
          "name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
        },
        {
          "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
        },
        {
          "url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
        },
        {
          "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
        },
        {
          "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
        },
        {
          "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
        },
        {
          "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
        },
        {
          "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
        },
        {
          "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
        },
        {
          "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
        },
        {
          "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
        },
        {
          "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
        },
        {
          "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
        }
      ],
      "title": "X.509 Email Address 4-byte Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-3602",
    "datePublished": "2022-11-01T00:00:00",
    "dateReserved": "2022-10-19T00:00:00",
    "dateUpdated": "2024-08-03T01:14:02.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1387
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity
Summary
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
References
URLTags
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
http://cvs.openssl.org/chngview?cn=17958x_refsource_CONFIRM
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/06/02/1mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/37003third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-792-1vendor-advisory, x_refsource_UBUNTU
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guestx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592vdb-entry, signature, x_refsource_OVAL
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35685third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35571third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlvendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740vdb-entry, signature, x_refsource_OVAL
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=17958"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "oval:org.mitre.oval:def:7592",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "35685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "SUSE-SR:2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10740",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=17958"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "oval:org.mitre.oval:def:7592",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "35685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35685"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "SUSE-SR:2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10740",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-1387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=17958",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=17958"
            },
            {
              "name": "35729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35729"
            },
            {
              "name": "GLSA-200912-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
            },
            {
              "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
            },
            {
              "name": "RHSA-2009:1335",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
            },
            {
              "name": "HPSBMA02492",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
            },
            {
              "name": "37003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37003"
            },
            {
              "name": "36533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36533"
            },
            {
              "name": "USN-792-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-792-1"
            },
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "oval:org.mitre.oval:def:7592",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
            },
            {
              "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
              "refsource": "CONFIRM",
              "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
            },
            {
              "name": "NetBSD-SA2009-009",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
            },
            {
              "name": "38834",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "35685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35685"
            },
            {
              "name": "35571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35571"
            },
            {
              "name": "SUSE-SR:2009:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10740",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
            },
            {
              "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
            },
            {
              "name": "SSRT100079",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1387",
    "datePublished": "2009-06-04T16:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0147
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 01:43
Severity
Summary
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
References
URLTags
http://www.debian.org/security/2003/dsa-288vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-101.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-102.htmlvendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/secadv_20030317.txtx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=104829040921835&w=2vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/316165/30/25370/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/316165/30/25370/threadedvendor-advisory, x_refsource_APPLE
http://marc.info/?l=bugtraq&m=104792570615648&w=2mailing-list, x_refsource_BUGTRAQ
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txtvendor-advisory, x_refsource_CALDERA
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035vendor-advisory, x_refsource_MANDRAKE
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdfx_refsource_MISC
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xmlvendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466vdb-entry, signature, x_refsource_OVAL
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.htmlvendor-advisory, x_refsource_OPENPKG
http://marc.info/?l=bugtraq&m=104861762028637&w=2vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/316577/30/25310/threadedvendor-advisory, x_refsource_IMMUNIX
http://www.securityfocus.com/archive/1/316577/30/25310/threadedmailing-list, x_refsource_BUGTRAQ
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Ivendor-advisory, x_refsource_SGI
http://marc.info/?l=bugtraq&m=104766550528628&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104819602408063&w=2mailing-list, x_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625vendor-advisory, x_refsource_CONECTIVA
http://www.kb.cert.org/vuls/id/997481third-party-advisory, x_refsource_CERT-VN
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.htmlmailing-list, x_refsource_VULNWATCH
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-288",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-288"
          },
          {
            "name": "RHSA-2003:101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
          },
          {
            "name": "RHSA-2003:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20030317.txt"
          },
          {
            "name": "GLSA-200303-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
          },
          {
            "name": "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
          },
          {
            "name": "APPLE-SA-2003-03-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
          },
          {
            "name": "20030317 [ADVISORY] Timing Attack on OpenSSL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
          },
          {
            "name": "CSSA-2003-014.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
          },
          {
            "name": "MDKSA-2003:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
          },
          {
            "name": "GLSA-200303-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:466",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466"
          },
          {
            "name": "OpenPKG-SA-2003.019",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html"
          },
          {
            "name": "GLSA-200303-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
          },
          {
            "name": "IMNX-2003-7+-001-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_IMMUNIX",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
          },
          {
            "name": "20030327 Immunix Secured OS 7+ openssl update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
          },
          {
            "name": "20030501-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
          },
          {
            "name": "20030313 Vulnerability in OpenSSL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
          },
          {
            "name": "20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
          },
          {
            "name": "CLA-2003:625",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
          },
          {
            "name": "VU#997481",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/997481"
          },
          {
            "name": "20030313 OpenSSL Private Key Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-288",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-288"
        },
        {
          "name": "RHSA-2003:101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
        },
        {
          "name": "RHSA-2003:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20030317.txt"
        },
        {
          "name": "GLSA-200303-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
        },
        {
          "name": "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
        },
        {
          "name": "APPLE-SA-2003-03-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
        },
        {
          "name": "20030317 [ADVISORY] Timing Attack on OpenSSL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
        },
        {
          "name": "CSSA-2003-014.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
        },
        {
          "name": "MDKSA-2003:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
        },
        {
          "name": "GLSA-200303-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:466",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466"
        },
        {
          "name": "OpenPKG-SA-2003.019",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html"
        },
        {
          "name": "GLSA-200303-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
        },
        {
          "name": "IMNX-2003-7+-001-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_IMMUNIX"
          ],
          "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
        },
        {
          "name": "20030327 Immunix Secured OS 7+ openssl update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
        },
        {
          "name": "20030501-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
        },
        {
          "name": "20030313 Vulnerability in OpenSSL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
        },
        {
          "name": "20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
        },
        {
          "name": "CLA-2003:625",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
        },
        {
          "name": "VU#997481",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/997481"
        },
        {
          "name": "20030313 OpenSSL Private Key Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-288",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-288"
            },
            {
              "name": "RHSA-2003:101",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
            },
            {
              "name": "RHSA-2003:102",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20030317.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20030317.txt"
            },
            {
              "name": "GLSA-200303-15",
              "refsource": "GENTOO",
              "url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
            },
            {
              "name": "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
            },
            {
              "name": "APPLE-SA-2003-03-24",
              "refsource": "APPLE",
              "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
            },
            {
              "name": "20030317 [ADVISORY] Timing Attack on OpenSSL",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
            },
            {
              "name": "CSSA-2003-014.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
            },
            {
              "name": "MDKSA-2003:035",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035"
            },
            {
              "name": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf",
              "refsource": "MISC",
              "url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
            },
            {
              "name": "GLSA-200303-23",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:466",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466"
            },
            {
              "name": "OpenPKG-SA-2003.019",
              "refsource": "OPENPKG",
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html"
            },
            {
              "name": "GLSA-200303-24",
              "refsource": "GENTOO",
              "url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
            },
            {
              "name": "IMNX-2003-7+-001-01",
              "refsource": "IMMUNIX",
              "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
            },
            {
              "name": "20030327 Immunix Secured OS 7+ openssl update",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
            },
            {
              "name": "20030501-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
            },
            {
              "name": "20030313 Vulnerability in OpenSSL",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
            },
            {
              "name": "20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
            },
            {
              "name": "CLA-2003:625",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
            },
            {
              "name": "VU#997481",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/997481"
            },
            {
              "name": "20030313 OpenSSL Private Key Disclosure",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0147",
    "datePublished": "2003-03-18T05:00:00",
    "dateReserved": "2003-03-14T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-7250
Vulnerability from cvelistv5
Published
2012-02-29 11:00
Modified
2024-08-07 20:57
Severity
Summary
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
References
URLTags
https://bugzilla.novell.com/show_bug.cgi?id=748738x_refsource_CONFIRM
http://secunia.com/advisories/48516third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48899third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=openssl-dev&m=115685408414194&w=2mailing-list, x_refsource_MLIST
http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.htmlmailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/52181vdb-entry, x_refsource_BID
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1424-1vendor-advisory, x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=798100x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22144x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/02/27/10mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/02/28/14mailing-list, x_refsource_MLIST
http://secunia.com/advisories/48153third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:57:40.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=748738"
          },
          {
            "name": "48516",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48516"
          },
          {
            "name": "48899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48899"
          },
          {
            "name": "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-dev\u0026m=115685408414194\u0026w=2"
          },
          {
            "name": "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "52181",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52181"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "USN-1424-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1424-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22144"
          },
          {
            "name": "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/02/27/10"
          },
          {
            "name": "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/02/28/14"
          },
          {
            "name": "48153",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48153"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-05T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=748738"
        },
        {
          "name": "48516",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48516"
        },
        {
          "name": "48899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48899"
        },
        {
          "name": "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-dev\u0026m=115685408414194\u0026w=2"
        },
        {
          "name": "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "52181",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52181"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "USN-1424-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1424-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22144"
        },
        {
          "name": "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/02/27/10"
        },
        {
          "name": "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/02/28/14"
        },
        {
          "name": "48153",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48153"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-7250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=748738",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=748738"
            },
            {
              "name": "48516",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48516"
            },
            {
              "name": "48899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48899"
            },
            {
              "name": "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-dev\u0026m=115685408414194\u0026w=2"
            },
            {
              "name": "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers",
              "refsource": "MLIST",
              "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html"
            },
            {
              "name": "RHSA-2009:1335",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
            },
            {
              "name": "52181",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52181"
            },
            {
              "name": "36533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36533"
            },
            {
              "name": "USN-1424-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1424-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=798100",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798100"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22144",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22144"
            },
            {
              "name": "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/02/27/10"
            },
            {
              "name": "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/02/28/14"
            },
            {
              "name": "48153",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48153"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-7250",
    "datePublished": "2012-02-29T11:00:00",
    "dateReserved": "2011-12-19T00:00:00",
    "dateUpdated": "2024-08-07T20:57:40.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0198
Vulnerability from cvelistv5
Published
2014-05-06 10:00
Modified
2024-08-06 09:05
Severity
Summary
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59525third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59282third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59990third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59264third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59126third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/67193vdb-entry, x_refsource_BID
http://secunia.com/advisories/59306third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1093837x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140544599631400&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59190third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59529third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://secunia.com/advisories/61254third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676655x_refsource_CONFIRM
http://puppetlabs.com/security/cve/cve-2014-0198x_refsource_CONFIRM
http://secunia.com/advisories/59449third-party-advisory, x_refsource_SECUNIA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58667third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/59284third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676529x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0204.htmlx_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58945third-party-advisory, x_refsource_SECUNIA
http://www.openbsd.org/errata55.html#005_opensslvendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/59440third-party-advisory, x_refsource_SECUNIA
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59163third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2931vendor-advisory, x_refsource_DEBIAN
http://www-01.ibm.com/support/docview.wss?uid=swg21677836x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://secunia.com/advisories/59374third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59310third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascx_refsource_CONFIRM
http://www.fortiguard.com/advisory/FG-IR-14-018/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/59438third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58714third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141658880509699&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/60066third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/59784third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2014:080vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/59491third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.htmlvendor-advisory, x_refsource_SUSE
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/59202third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59398third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60049third-party-advisory, x_refsource_SECUNIA
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdfx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "name": "59525",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59525"
          },
          {
            "name": "59282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59282"
          },
          {
            "name": "59990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59990"
          },
          {
            "name": "59264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html"
          },
          {
            "name": "59126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59126"
          },
          {
            "name": "67193",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67193"
          },
          {
            "name": "59306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
          },
          {
            "name": "HPSBGN03068",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
          },
          {
            "name": "59190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59190"
          },
          {
            "name": "59529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "61254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2014-0198"
          },
          {
            "name": "59449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "58667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58667"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "name": "59284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0204.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "58945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58945"
          },
          {
            "name": "[5.5] 005: RELIABILITY FIX: May 1, 2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata55.html#005_openssl"
          },
          {
            "name": "59440",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=3321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "name": "59163",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59163"
          },
          {
            "name": "DSA-2931",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2931"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "name": "59374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59374"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "name": "59310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59310"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "name": "58714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58714"
          },
          {
            "name": "HPSBHF03052",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "60066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60066"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "name": "openSUSE-SU-2014:0634",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html"
          },
          {
            "name": "59784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "MDVSA-2014:080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:080"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "59491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59491"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "name": "openSUSE-SU-2014:0635",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "59202",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59202"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59398"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "name": "60049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-10T14:06:35",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "name": "59525",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59525"
        },
        {
          "name": "59282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59282"
        },
        {
          "name": "59990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59990"
        },
        {
          "name": "59264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html"
        },
        {
          "name": "59126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59126"
        },
        {
          "name": "67193",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67193"
        },
        {
          "name": "59306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
        },
        {
          "name": "HPSBGN03068",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
        },
        {
          "name": "59190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59190"
        },
        {
          "name": "59529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "61254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2014-0198"
        },
        {
          "name": "59449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "58667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58667"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "name": "59284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0204.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "58945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58945"
        },
        {
          "name": "[5.5] 005: RELIABILITY FIX: May 1, 2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata55.html#005_openssl"
        },
        {
          "name": "59440",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rt.openssl.org/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=3321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "name": "59163",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59163"
        },
        {
          "name": "DSA-2931",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2931"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "name": "59374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59374"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "name": "59310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59310"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "name": "58714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58714"
        },
        {
          "name": "HPSBHF03052",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "60066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60066"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "name": "openSUSE-SU-2014:0634",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html"
        },
        {
          "name": "59784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "MDVSA-2014:080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:080"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "59491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59491"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "name": "openSUSE-SU-2014:0635",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "59202",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59202"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59398"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "name": "60049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "59525",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59525"
            },
            {
              "name": "59282",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59282"
            },
            {
              "name": "59990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59990"
            },
            {
              "name": "59264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59264"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html"
            },
            {
              "name": "59126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59126"
            },
            {
              "name": "67193",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67193"
            },
            {
              "name": "59306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59306"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
            },
            {
              "name": "HPSBGN03068",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
            },
            {
              "name": "59190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59190"
            },
            {
              "name": "59529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59529"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "61254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61254"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2014-0198",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2014-0198"
            },
            {
              "name": "59449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59449"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "58667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58667"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "59284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59284"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0204.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0204.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "58945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58945"
            },
            {
              "name": "[5.5] 005: RELIABILITY FIX: May 1, 2014",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata55.html#005_openssl"
            },
            {
              "name": "59440",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59440"
            },
            {
              "name": "https://rt.openssl.org/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=3321",
              "refsource": "CONFIRM",
              "url": "https://rt.openssl.org/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=3321"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "59163",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59163"
            },
            {
              "name": "DSA-2931",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2931"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "59374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59374"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "59310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59310"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "59514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59514"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "58714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58714"
            },
            {
              "name": "HPSBHF03052",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "60066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60066"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "openSUSE-SU-2014:0634",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html"
            },
            {
              "name": "59784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59784"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "MDVSA-2014:080",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:080"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "59491",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59491"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "openSUSE-SU-2014:0635",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "60571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60571"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "59202",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59202"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "59398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59398"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "60049",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60049"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0198",
    "datePublished": "2014-05-06T10:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3512
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.htmlx_refsource_CONFIRM
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/95158vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427bx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://www.tenable.com/security/tns-2014-06x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60810third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/69083vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/61171third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "openssl-cve20143512-dos(95158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/security/tns-2014-06"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "60810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60810"
          },
          {
            "name": "69083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "61171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "openssl-cve20143512-dos(95158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/security/tns-2014-06"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "60810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60810"
        },
        {
          "name": "69083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "61171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "openssl-cve20143512-dos(95158)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "http://www.tenable.com/security/tns-2014-06",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/security/tns-2014-06"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "60810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60810"
            },
            {
              "name": "69083",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69083"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "61171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61171"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3512",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3108
Vulnerability from cvelistv5
Published
2007-08-08 01:11
Modified
2024-08-07 14:05
Severity
Summary
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
References
URLTags
http://support.attachmate.com/techdocs/2374.htmlx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/RGII-74KLP3x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/724968third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/26893third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1571vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/27205third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/476341/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/27097third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2362vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2759vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/31489third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-1003.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/31531third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193vendor-advisory, x_refsource_MANDRIVA
http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerabilityx_refsource_CONFIRM
http://secunia.com/advisories/30220third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1633x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/4010vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/485936/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/27770third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2008/000002.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/26411third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/522-1/vendor-advisory, x_refsource_UBUNTU
http://openssl.org/news/patch-CVE-2007-3108.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2361vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31467third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0964.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27870third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2396vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27330third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30161third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlvendor-advisory, x_refsource_GENTOO
http://www.vmware.com/security/advisories/VMSA-2008-0013.htmlx_refsource_CONFIRM
http://secunia.com/advisories/28368third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htmx_refsource_CONFIRM
http://secunia.com/advisories/27078third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200710-06.xmlvendor-advisory, x_refsource_GENTOO
http://cvs.openssl.org/chngview?cn=16275x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1613x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0813.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/25163vdb-entry, x_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2008-0001.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0064vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27021third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/486859/100/0/threadedmailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:28.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/RGII-74KLP3"
          },
          {
            "name": "VU#724968",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/724968"
          },
          {
            "name": "26893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "name": "DSA-1571",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "27205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27205"
          },
          {
            "name": "20070813 FLEA-2007-0043-1 openssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476341/100/0/threaded"
          },
          {
            "name": "27097",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27097"
          },
          {
            "name": "ADV-2008-2362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2362"
          },
          {
            "name": "ADV-2007-2759",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2759"
          },
          {
            "name": "oval:org.mitre.oval:def:9984",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984"
          },
          {
            "name": "31489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31489"
          },
          {
            "name": "RHSA-2007:1003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
          },
          {
            "name": "31531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "name": "MDKSA-2007:193",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability"
          },
          {
            "name": "30220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1633"
          },
          {
            "name": "ADV-2007-4010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4010"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "27770",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27770"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "26411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26411"
          },
          {
            "name": "USN-522-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/522-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/patch-CVE-2007-3108.txt"
          },
          {
            "name": "ADV-2008-2361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2361"
          },
          {
            "name": "31467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31467"
          },
          {
            "name": "RHSA-2007:0964",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
          },
          {
            "name": "27870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27870"
          },
          {
            "name": "ADV-2008-2396",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "name": "27330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27330"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
          },
          {
            "name": "28368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
          },
          {
            "name": "27078",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27078"
          },
          {
            "name": "GLSA-200710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=16275"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1613"
          },
          {
            "name": "RHSA-2007:0813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
          },
          {
            "name": "25163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "27021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27021"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2374.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/RGII-74KLP3"
        },
        {
          "name": "VU#724968",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/724968"
        },
        {
          "name": "26893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26893"
        },
        {
          "name": "DSA-1571",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1571"
        },
        {
          "name": "27205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27205"
        },
        {
          "name": "20070813 FLEA-2007-0043-1 openssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476341/100/0/threaded"
        },
        {
          "name": "27097",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27097"
        },
        {
          "name": "ADV-2008-2362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2362"
        },
        {
          "name": "ADV-2007-2759",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2759"
        },
        {
          "name": "oval:org.mitre.oval:def:9984",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984"
        },
        {
          "name": "31489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31489"
        },
        {
          "name": "RHSA-2007:1003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
        },
        {
          "name": "31531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31531"
        },
        {
          "name": "MDKSA-2007:193",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability"
        },
        {
          "name": "30220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30220"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1633"
        },
        {
          "name": "ADV-2007-4010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4010"
        },
        {
          "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
        },
        {
          "name": "27770",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27770"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
        },
        {
          "name": "26411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26411"
        },
        {
          "name": "USN-522-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/522-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/patch-CVE-2007-3108.txt"
        },
        {
          "name": "ADV-2008-2361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2361"
        },
        {
          "name": "31467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31467"
        },
        {
          "name": "RHSA-2007:0964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
        },
        {
          "name": "27870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27870"
        },
        {
          "name": "ADV-2008-2396",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2396"
        },
        {
          "name": "27330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27330"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
        },
        {
          "name": "28368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
        },
        {
          "name": "27078",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27078"
        },
        {
          "name": "GLSA-200710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=16275"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1613"
        },
        {
          "name": "RHSA-2007:0813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
        },
        {
          "name": "25163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
        },
        {
          "name": "ADV-2008-0064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0064"
        },
        {
          "name": "27021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27021"
        },
        {
          "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3108",
    "datePublished": "2007-08-08T01:11:00",
    "dateReserved": "2007-06-07T00:00:00",
    "dateUpdated": "2024-08-07T14:05:28.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2181
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-05 23:17
Severity
Summary
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
References
URLTags
http://www.securityfocus.com/bid/92982vdb-entry
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.securitytracker.com/id/1036690vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://support.f5.com/csp/article/K59298921
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92982",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "name": "1036690",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K59298921"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92982",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92982"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "name": "1036690",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036690"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.f5.com/csp/article/K59298921"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2181",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4180
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:34
Severity
Summary
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id?1024822vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/42473third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42571third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/43170third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2011/0268vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT4723x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/42493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/43173third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0032vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/43171third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42620third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://ubuntu.com/usn/usn-1029-1vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2010/3120vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/3122vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/43169third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/43172third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/45164vdb-entry, x_refsource_BID
http://osvdb.org/69565vdb-entry, x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=659462x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/42469third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42877third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=20131x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0977.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/3134vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3188vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2011/0076vdb-entry, x_refsource_VUPEN
http://openssl.org/news/secadv_20101202.txtx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0978.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/44269third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2011/dsa-2141vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2010-0979.htmlvendor-advisory, x_refsource_REDHAT
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LISTx_refsource_CONFIRM
http://secunia.com/advisories/42811third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2011:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
          },
          {
            "name": "1024822",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024822"
          },
          {
            "name": "42473",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42473"
          },
          {
            "name": "42571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42571"
          },
          {
            "name": "43170",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43170"
          },
          {
            "name": "SSA:2010-340-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
          },
          {
            "name": "ADV-2011-0268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0268"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "42493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42493"
          },
          {
            "name": "43173",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43173"
          },
          {
            "name": "FEDORA-2010-18765",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html"
          },
          {
            "name": "ADV-2011-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0032"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "43171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43171"
          },
          {
            "name": "42620",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42620"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "USN-1029-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1029-1"
          },
          {
            "name": "ADV-2010-3120",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3120"
          },
          {
            "name": "FEDORA-2010-18736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html"
          },
          {
            "name": "ADV-2010-3122",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3122"
          },
          {
            "name": "43169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43169"
          },
          {
            "name": "43172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43172"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "45164",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45164"
          },
          {
            "name": "69565",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "42469",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42469"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "SSRT100475",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "42877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=20131"
          },
          {
            "name": "RHSA-2010:0977",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
          },
          {
            "name": "HPSBMA02658",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "SSRT100413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "ADV-2010-3134",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3134"
          },
          {
            "name": "ADV-2010-3188",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3188"
          },
          {
            "name": "oval:org.mitre.oval:def:18910",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910"
          },
          {
            "name": "HPSBUX02638",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "name": "ADV-2011-0076",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20101202.txt"
          },
          {
            "name": "RHSA-2010:0978",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html"
          },
          {
            "name": "44269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44269"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "DSA-2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2141"
          },
          {
            "name": "HPSBOV02670",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "SSRT100339",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "name": "MDVSA-2010:248",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248"
          },
          {
            "name": "RHSA-2010:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST"
          },
          {
            "name": "42811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42811"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2011:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
        },
        {
          "name": "1024822",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024822"
        },
        {
          "name": "42473",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42473"
        },
        {
          "name": "42571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42571"
        },
        {
          "name": "43170",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43170"
        },
        {
          "name": "SSA:2010-340-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
        },
        {
          "name": "ADV-2011-0268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0268"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "42493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42493"
        },
        {
          "name": "43173",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43173"
        },
        {
          "name": "FEDORA-2010-18765",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html"
        },
        {
          "name": "ADV-2011-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0032"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "43171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43171"
        },
        {
          "name": "42620",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42620"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "USN-1029-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1029-1"
        },
        {
          "name": "ADV-2010-3120",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3120"
        },
        {
          "name": "FEDORA-2010-18736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html"
        },
        {
          "name": "ADV-2010-3122",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3122"
        },
        {
          "name": "43169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43169"
        },
        {
          "name": "43172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43172"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "45164",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45164"
        },
        {
          "name": "69565",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "42469",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42469"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "SSRT100475",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "42877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=20131"
        },
        {
          "name": "RHSA-2010:0977",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
        },
        {
          "name": "HPSBMA02658",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "SSRT100413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "ADV-2010-3134",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3134"
        },
        {
          "name": "ADV-2010-3188",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3188"
        },
        {
          "name": "oval:org.mitre.oval:def:18910",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910"
        },
        {
          "name": "HPSBUX02638",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "name": "ADV-2011-0076",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20101202.txt"
        },
        {
          "name": "RHSA-2010:0978",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html"
        },
        {
          "name": "44269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44269"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "DSA-2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2141"
        },
        {
          "name": "HPSBOV02670",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "SSRT100339",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "name": "MDVSA-2010:248",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248"
        },
        {
          "name": "RHSA-2010:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST"
        },
        {
          "name": "42811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42811"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4180",
    "datePublished": "2010-12-06T21:00:00",
    "dateReserved": "2010-11-04T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3207
Vulnerability from cvelistv5
Published
2011-09-22 10:00
Modified
2024-08-06 23:29
Severity
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
References
URLTags
http://marc.info/?l=bugtraq&m=133226187115472&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133226187115472&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.htmlvendor-advisory, x_refsource_FEDORA
http://cvs.openssl.org/chngview?cn=21349x_refsource_CONFIRM
http://secunia.com/advisories/45956third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.htmlvendor-advisory, x_refsource_FEDORA
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://bugzilla.redhat.com/show_bug.cgi?id=736087x_refsource_CONFIRM
http://www.securitytracker.com/id?1026012vdb-entry, x_refsource_SECTRACK
http://openssl.org/news/secadv_20110906.txtx_refsource_CONFIRM
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-1409.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBMU02752",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "SSRT100802",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "FEDORA-2011-12233",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=21349"
          },
          {
            "name": "45956",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45956"
          },
          {
            "name": "MDVSA-2011:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
          },
          {
            "name": "FEDORA-2011-12281",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
          },
          {
            "name": "1026012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026012"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20110906.txt"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "RHSA-2011:1409",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-18T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBMU02752",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "name": "SSRT100802",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "FEDORA-2011-12233",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=21349"
        },
        {
          "name": "45956",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45956"
        },
        {
          "name": "MDVSA-2011:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
        },
        {
          "name": "FEDORA-2011-12281",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
        },
        {
          "name": "1026012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026012"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20110906.txt"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "RHSA-2011:1409",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBMU02752",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
            },
            {
              "name": "SSRT100802",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "FEDORA-2011-12233",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=21349",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=21349"
            },
            {
              "name": "45956",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45956"
            },
            {
              "name": "MDVSA-2011:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
            },
            {
              "name": "FEDORA-2011-12281",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=736087",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
            },
            {
              "name": "1026012",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026012"
            },
            {
              "name": "http://openssl.org/news/secadv_20110906.txt",
              "refsource": "CONFIRM",
              "url": "http://openssl.org/news/secadv_20110906.txt"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "RHSA-2011:1409",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3207",
    "datePublished": "2011-09-22T10:00:00",
    "dateReserved": "2011-08-19T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0216
Vulnerability from cvelistv5
Published
2023-02-08 19:03
Modified
2024-08-02 05:02
Severity
Summary
Invalid pointer dereference in d2i_PKCS7 functions
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6patch
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Marc Sch\u00f6nefeld"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tom\u00e1\u0161 Mr\u00e1z"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to load malformed PKCS7 data with the\u003cbr\u003ed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\u003cbr\u003e\u003cbr\u003eThe result of the dereference is an application crash which could\u003cbr\u003elead to a denial of service attack. The TLS implementation in OpenSSL\u003cbr\u003edoes not call this function however third party applications might\u003cbr\u003ecall these functions on untrusted data.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "invalid pointer dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:44:35.753Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Invalid pointer dereference in d2i_PKCS7 functions",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0216",
    "datePublished": "2023-02-08T19:03:05.652Z",
    "dateReserved": "2023-01-11T12:01:06.675Z",
    "dateUpdated": "2024-08-02T05:02:43.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0800
Vulnerability from cvelistv5
Published
2016-03-01 00:00
Modified
2024-08-05 22:30
Severity
Summary
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10154
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://access.redhat.com/security/vulnerabilities/drown
http://marc.info/?l=bugtraq&m=146133665209436&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://marc.info/?l=bugtraq&m=146108058503441&w=2vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://security.netapp.com/advisory/ntap-20160301-0001/
http://marc.info/?l=bugtraq&m=145983526810210&w=2vendor-advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://www.kb.cert.org/vuls/id/583776third-party-advisory
https://drownattack.com
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554
http://www.securityfocus.com/bid/83733vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://rhn.redhat.com/errata/RHSA-2016-1519.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
http://support.citrix.com/article/CTX208403
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf
https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:05.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10154"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/drown"
          },
          {
            "name": "HPSBMU03573",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146133665209436\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "HPSBMU03575",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160301-0001/"
          },
          {
            "name": "HPSBGN03569",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "VU#583776",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/583776"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://drownattack.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554"
          },
          {
            "name": "83733",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "RHSA-2016:1519",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10722"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX208403"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10154"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://access.redhat.com/security/vulnerabilities/drown"
        },
        {
          "name": "HPSBMU03573",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146133665209436\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "HPSBMU03575",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160301-0001/"
        },
        {
          "name": "HPSBGN03569",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "name": "VU#583776",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/583776"
        },
        {
          "url": "https://drownattack.com"
        },
        {
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554"
        },
        {
          "name": "83733",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83733"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "RHSA-2016:1519",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10722"
        },
        {
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
        },
        {
          "url": "http://support.citrix.com/article/CTX208403"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0800",
    "datePublished": "2016-03-01T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:05.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0928
Vulnerability from cvelistv5
Published
2010-03-05 19:00
Modified
2024-08-07 01:06
Severity
Summary
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
References
URLTags
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750vdb-entry, x_refsource_XF
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/x_refsource_MISC
http://www.osvdb.org/62808vdb-entry, x_refsource_OSVDB
http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/x_refsource_MISC
http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdfx_refsource_MISC
http://www.networkworld.com/news/2010/030410-rsa-security-attack.htmlx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openssl-fwe-weak-security(56750)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/"
          },
          {
            "name": "62808",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/62808"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openssl-fwe-weak-security(56750)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/"
        },
        {
          "name": "62808",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/62808"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openssl-fwe-weak-security(56750)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"
            },
            {
              "name": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/"
            },
            {
              "name": "62808",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/62808"
            },
            {
              "name": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/",
              "refsource": "MISC",
              "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/"
            },
            {
              "name": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf",
              "refsource": "MISC",
              "url": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf"
            },
            {
              "name": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html",
              "refsource": "MISC",
              "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0928",
    "datePublished": "2010-03-05T19:00:00",
    "dateReserved": "2010-03-05T00:00:00",
    "dateUpdated": "2024-08-07T01:06:52.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0209
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://rhn.redhat.com/errata/RHSA-2016-1089.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1196737
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2vendor-advisory
http://support.apple.com/kb/HT204942
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://www.securityfocus.com/bid/73239vdb-entry
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:09.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "name": "RHSA-2016:1089",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "73239",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73239"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "name": "RHSA-2016:1089",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "73239",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73239"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0209",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:09.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3555
Vulnerability from cvelistv5
Published
2009-11-09 17:00
Modified
2024-08-07 06:31
Severity
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
URLTags
http://lists.apple.com/archives/security-announce/2010//May/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.securitytracker.com/id?1023427vdb-entry, x_refsource_SECTRACK
http://support.avaya.com/css/P8/documents/100081611x_refsource_CONFIRM
http://osvdb.org/62210vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/37640third-party-advisory, x_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-020810.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0916vdb-entry, x_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114327x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0167.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/2010vdb-entry, x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0086vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1673vdb-entry, x_refsource_VUPEN
http://www.ietf.org/mail-archive/web/tls/current/msg03948.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/37656third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0865.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/39628third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlx_refsource_CONFIRM
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3310vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3205vdb-entry, x_refsource_VUPEN
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_duringx_refsource_CONFIRM
http://secunia.com/advisories/39461third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/css/P8/documents/100114315x_refsource_CONFIRM
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2cx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201406-32.xmlvendor-advisory, x_refsource_GENTOO
http://www.ingate.com/Relnote.php?ver=481x_refsource_CONFIRM
http://www.securitytracker.com/id?1023204vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/40866third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134254866602253&w=2vendor-advisory, x_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA10-222A.htmlthird-party-advisory, x_refsource_CERT
http://www.securitytracker.com/id?1023211vdb-entry, x_refsource_SECTRACK
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686vendor-advisory, x_refsource_HP
http://secunia.com/advisories/39317third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023212vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/39127third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/40545third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3069vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata45.html#010_opensslvendor-advisory, x_refsource_OPENBSD
http://www.securitytracker.com/id?1023210vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id?1023270vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/40070third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023273vdb-entry, x_refsource_SECTRACK
http://kbase.redhat.com/faq/docs/DOC-20491x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-927-5vendor-advisory, x_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247vendor-advisory, x_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2010-0770.htmlvendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/secadv_20091111.txtx_refsource_CONFIRM
http://www.securitytracker.com/id?1023275vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3253vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/3484vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023207vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/37859third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1vendor-advisory, x_refsource_SUNALERT
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0848vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/11/07/3mailing-list, x_refsource_MLIST
http://secunia.com/advisories/39819third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055vendor-advisory, x_refsource_AIXAPAR
http://www.links.org/?p=786x_refsource_MISC
http://osvdb.org/60521vdb-entry, x_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2009/11/23/10mailing-list, x_refsource_MLIST
http://www.kb.cert.org/vuls/id/120541third-party-advisory, x_refsource_CERT-VN
http://www.securitytracker.com/id?1023217vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0768.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3353vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/39136third-party-advisory, x_refsource_SECUNIA
http://www.openoffice.org/security/cves/CVE-2009-3555.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0032vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1023148vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/36935vdb-entry, x_refsource_BID
http://www.tombom.co.uk/blog/?p=85x_refsource_MISC
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/1107vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023218vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2010/1350vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-0338.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/42379third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlvendor-advisory, x_refsource_FEDORA
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtmlvendor-advisory, x_refsource_CISCO
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848vendor-advisory, x_refsource_AIXAPAR
http://www.securitytracker.com/id?1023213vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/1793vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617vdb-entry, signature, x_refsource_OVAL
http://extendedsubset.com/?p=8x_refsource_MISC
http://secunia.com/advisories/37292third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158vdb-entry, x_refsource_XF
http://lists.apple.com/archives/security-announce/2010//May/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/39278third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023205vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0130.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.htmlx_refsource_CONFIRM
http://support.apple.com/kb/HT4004x_refsource_CONFIRM
http://www.securitytracker.com/id?1023215vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1010-1vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id?1023206vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200912-01.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=127419602507642&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3313vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1vendor-advisory, x_refsource_SUNALERT
http://www.securitytracker.com/id?1023208vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/43308third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023214vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/38781third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133469267822771&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127419602507642&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2009/dsa-1934vendor-advisory, x_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlvendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1023271vdb-entry, x_refsource_SECTRACK
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://marc.info/?l=cryptography&m=125752275331877&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/42467third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508130/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1023224vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-927-4vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/41490third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508075/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023243vdb-entry, x_refsource_SECTRACK
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.htmlx_refsource_MISC
http://secunia.com/advisories/37504third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023219vdb-entry, x_refsource_SECTRACK
http://sysoev.ru/nginx/patch.cve-2009-3555.txtx_refsource_CONFIRM
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.htmlx_refsource_MISC
http://www.securitytracker.com/id?1023163vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3521vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973vdb-entry, signature, x_refsource_OVAL
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995vendor-advisory, x_refsource_HP
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_releasedx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/44183third-party-advisory, x_refsource_SECUNIA
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTESx_refsource_CONFIRM
http://secunia.com/advisories/42808third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/39500third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578vdb-entry, signature, x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3220vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127557596201693&w=2vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2010-0165.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2010-0987.htmlvendor-advisory, x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=545755x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21426108x_refsource_CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.htmlx_refsource_MISC
http://www.securitytracker.com/id?1023411vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0339.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-0986.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3164vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37383third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/44954third-party-advisory, x_refsource_SECUNIA
http://www.ietf.org/mail-archive/web/tls/current/msg03928.htmlmailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=127557596201693&w=2vendor-advisory, x_refsource_HP
http://support.avaya.com/css/P8/documents/100070150x_refsource_CONFIRM
http://secunia.com/advisories/40747third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
http://secunia.com/advisories/39292third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42816third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054vendor-advisory, x_refsource_AIXAPAR
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1vendor-advisory, x_refsource_SUNALERT
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.htmlvendor-advisory, x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=swg21432298x_refsource_CONFIRM
http://extendedsubset.com/Renegotiating_TLS.pdfx_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg24025312x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24006386x_refsource_CONFIRM
http://support.apple.com/kb/HT4170x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/507952/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023209vdb-entry, x_refsource_SECTRACK
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=onlyvendor-advisory, x_refsource_AIXAPAR
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/48577third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446vendor-advisory, x_refsource_SLACKWARE
http://www.links.org/?p=789x_refsource_MISC
http://www.opera.com/docs/changelogs/unix/1060/x_refsource_CONFIRM
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.htmlx_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2011-0880.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/06/3mailing-list, x_refsource_MLIST
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.htmlvendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0155x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://support.citrix.com/article/CTX123359x_refsource_CONFIRM
http://secunia.com/advisories/37501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3587vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/39632third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38687third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=526689x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2010/0982vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=133469267822771&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/37399third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-927-1vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id?1023272vdb-entry, x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/3126vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37320third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3165vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1639vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/38020third-party-advisory, x_refsource_SECUNIA
http://ubuntu.com/usn/usn-923-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/39243third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37453third-party-advisory, x_refsource_SECUNIA
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0933vdb-entry, x_refsource_VUPEN
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://secunia.com/advisories/41972third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3086vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2141vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id?1024789vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0155.htmlvendor-advisory, x_refsource_REDHAT
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.htmlx_refsource_MISC
http://www.vupen.com/english/advisories/2011/0033vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-0337.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id?1023216vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/41480third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0086vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/41818third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37604third-party-advisory, x_refsource_SECUNIA
http://www.opera.com/support/search/view/944/x_refsource_CONFIRM
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlthird-party-advisory, x_refsource_CERT
http://www.links.org/?p=780x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-0119.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/38056third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0748vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37675third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535vdb-entry, signature, x_refsource_OVAL
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0786.htmlvendor-advisory, x_refsource_REDHAT
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txtx_refsource_MISC
http://secunia.com/advisories/38003third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT4171x_refsource_CONFIRM
http://www.securitytracker.com/id?1023428vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
http://www.openwall.com/lists/oss-security/2009/11/20/1mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2009/3354vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023274vdb-entry, x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/39242third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://secunia.com/advisories/38241third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42377third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201203-22.xmlvendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/11/05/3mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://osvdb.org/60972vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id?1023426vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/38484third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084vendor-advisory, x_refsource_MANDRIVA
http://www.betanews.com/article/1257452450x_refsource_MISC
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1vendor-advisory, x_refsource_SUNALERT
http://www.mozilla.org/security/announce/2010/mfsa2010-22.htmlx_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://openbsd.org/errata46.html#004_opensslvendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/41967third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0807.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/1191vdb-entry, x_refsource_VUPEN
http://seclists.org/fulldisclosure/2009/Nov/139mailing-list, x_refsource_FULLDISC
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.htmlx_refsource_MISC
http://www.openwall.com/lists/oss-security/2009/11/05/5mailing-list, x_refsource_MLIST
http://secunia.com/advisories/39713third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37291third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/2745vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2010/0994vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0173vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1054vdb-entry, x_refsource_VUPEN
http://osvdb.org/65202vdb-entry, x_refsource_OSVDB
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.htmlvendor-advisory, x_refsource_FEDORA
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.htmlmailing-list, x_refsource_MLIST
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.htmlmailing-list, x_refsource_BUGTRAQ
http://clicky.me/tlsvulnx_refsource_MISC
http://secunia.com/advisories/42811third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "1023427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081611"
          },
          {
            "name": "62210",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62210"
          },
          {
            "name": "37640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0167",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
          },
          {
            "name": "ADV-2010-2010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2010"
          },
          {
            "name": "FEDORA-2009-12750",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
          },
          {
            "name": "ADV-2010-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0086"
          },
          {
            "name": "ADV-2010-1673",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1673"
          },
          {
            "name": "[tls] 20091104 TLS renegotiation issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
          },
          {
            "name": "37656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37656"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "39628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "ADV-2009-3310",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3310"
          },
          {
            "name": "ADV-2009-3205",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingate.com/Relnote.php?ver=481"
          },
          {
            "name": "1023204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023204"
          },
          {
            "name": "40866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40866"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "1023211",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023211"
          },
          {
            "name": "SSRT090249",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "1023212",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023212"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "39127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39127"
          },
          {
            "name": "40545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40545"
          },
          {
            "name": "ADV-2010-3069",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3069"
          },
          {
            "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata45.html#010_openssl"
          },
          {
            "name": "1023210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023210"
          },
          {
            "name": "1023270",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023270"
          },
          {
            "name": "40070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40070"
          },
          {
            "name": "1023273",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
          },
          {
            "name": "USN-927-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-5"
          },
          {
            "name": "PM12247",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "MDVSA-2010:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20091111.txt"
          },
          {
            "name": "1023275",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023275"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "name": "ADV-2009-3484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3484"
          },
          {
            "name": "1023207",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023207"
          },
          {
            "name": "37859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37859"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "1021752",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
          },
          {
            "name": "FEDORA-2010-6131",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
          },
          {
            "name": "ADV-2010-0848",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0848"
          },
          {
            "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
          },
          {
            "name": "39819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "IC68055",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=786"
          },
          {
            "name": "60521",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60521"
          },
          {
            "name": "[oss-security] 20091123 Re: CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
          },
          {
            "name": "VU#120541",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/120541"
          },
          {
            "name": "1023217",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023217"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2009-3353",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3353"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "39136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39136"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
          },
          {
            "name": "ADV-2011-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0032"
          },
          {
            "name": "1023148",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023148"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "36935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tombom.co.uk/blog/?p=85"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "1023218",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023218"
          },
          {
            "name": "ADV-2010-1350",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1350"
          },
          {
            "name": "RHSA-2010:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
          },
          {
            "name": "42379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42379"
          },
          {
            "name": "FEDORA-2009-12775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
          },
          {
            "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
          },
          {
            "name": "IC67848",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
          },
          {
            "name": "1023213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023213"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "ADV-2010-1793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1793"
          },
          {
            "name": "oval:org.mitre.oval:def:11617",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/?p=8"
          },
          {
            "name": "37292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37292"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "tls-renegotiation-weak-security(54158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "name": "39278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39278"
          },
          {
            "name": "1023205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023205"
          },
          {
            "name": "RHSA-2010:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
          },
          {
            "name": "HPSBUX02482",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1023215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023215"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "1023206",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023206"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "SSRT090180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "ADV-2009-3313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3313"
          },
          {
            "name": "274990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
          },
          {
            "name": "1023208",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023208"
          },
          {
            "name": "43308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43308"
          },
          {
            "name": "1023214",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023214"
          },
          {
            "name": "SUSE-SA:2009:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
          },
          {
            "name": "38781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38781"
          },
          {
            "name": "HPSBOV02762",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "HPSBMA02534",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "DSA-1934",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1934"
          },
          {
            "name": "FEDORA-2009-12782",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7478",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
          },
          {
            "name": "1023271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023271"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:7315",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
          },
          {
            "name": "1023224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023224"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "USN-927-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-4"
          },
          {
            "name": "41490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41490"
          },
          {
            "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
          },
          {
            "name": "1023243",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
          },
          {
            "name": "37504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37504"
          },
          {
            "name": "1023219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
          },
          {
            "name": "1023163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023163"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "ADV-2009-3521",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3521"
          },
          {
            "name": "oval:org.mitre.oval:def:7973",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
          },
          {
            "name": "HPSBMA02568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
          },
          {
            "name": "oval:org.mitre.oval:def:10088",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
          },
          {
            "name": "42808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42808"
          },
          {
            "name": "39500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39500"
          },
          {
            "name": "oval:org.mitre.oval:def:11578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
          },
          {
            "name": "ADV-2009-3220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3220"
          },
          {
            "name": "SSRT100179",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100089",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "name": "RHSA-2010:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
          },
          {
            "name": "1023411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023411"
          },
          {
            "name": "RHSA-2010:0339",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "ADV-2009-3164",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3164"
          },
          {
            "name": "37383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37383"
          },
          {
            "name": "FEDORA-2009-12229",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
          },
          {
            "name": "HPSBUX02524",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100070150"
          },
          {
            "name": "40747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40747"
          },
          {
            "name": "HPSBUX02498",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "39292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39292"
          },
          {
            "name": "42816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42816"
          },
          {
            "name": "IC68054",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
          },
          {
            "name": "273029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
          },
          {
            "name": "FEDORA-2009-12604",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
          },
          {
            "name": "1023209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023209"
          },
          {
            "name": "PM00675",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "48577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48577"
          },
          {
            "name": "SSA:2009-320-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/unix/1060/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
          },
          {
            "name": "FEDORA-2009-12305",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX123359"
          },
          {
            "name": "37501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37501"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "ADV-2009-3587",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3587"
          },
          {
            "name": "39632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39632"
          },
          {
            "name": "SSRT090264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "38687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
          },
          {
            "name": "MS10-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
          },
          {
            "name": "ADV-2010-0982",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0982"
          },
          {
            "name": "SSRT100825",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "37399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37399"
          },
          {
            "name": "USN-927-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-1"
          },
          {
            "name": "1023272",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023272"
          },
          {
            "name": "FEDORA-2009-12606",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "37320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37320"
          },
          {
            "name": "ADV-2009-3165",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3165"
          },
          {
            "name": "ADV-2010-1639",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1639"
          },
          {
            "name": "38020",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38020"
          },
          {
            "name": "USN-923-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-923-1"
          },
          {
            "name": "39243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39243"
          },
          {
            "name": "oval:org.mitre.oval:def:8366",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
          },
          {
            "name": "37453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "SSRT100219",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "DSA-2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2141"
          },
          {
            "name": "1024789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024789"
          },
          {
            "name": "RHSA-2010:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
          },
          {
            "name": "ADV-2011-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0033"
          },
          {
            "name": "RHSA-2010:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
          },
          {
            "name": "1023216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023216"
          },
          {
            "name": "41480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41480"
          },
          {
            "name": "ADV-2011-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0086"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "37604",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/view/944/"
          },
          {
            "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "TA10-287A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=780"
          },
          {
            "name": "RHSA-2010:0119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
          },
          {
            "name": "38056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38056"
          },
          {
            "name": "ADV-2010-0748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0748"
          },
          {
            "name": "37675",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37675"
          },
          {
            "name": "oval:org.mitre.oval:def:8535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
          },
          {
            "name": "HPSBMA02547",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
          },
          {
            "name": "38003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "1023428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023428"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "[oss-security] 20091120 CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
          },
          {
            "name": "ADV-2009-3354",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3354"
          },
          {
            "name": "1023274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023274"
          },
          {
            "name": "FEDORA-2009-12968",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
          },
          {
            "name": "39242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "GLSA-201203-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
          },
          {
            "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "name": "60972",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60972"
          },
          {
            "name": "1023426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023426"
          },
          {
            "name": "38484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38484"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.betanews.com/article/1257452450"
          },
          {
            "name": "1021653",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata46.html#004_openssl"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "ADV-2010-1191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          },
          {
            "name": "20091111 Re: SSL/TLS MiTM PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
          },
          {
            "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
          },
          {
            "name": "39713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39713"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-5942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "273350",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
          },
          {
            "name": "ADV-2010-0994",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0994"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          },
          {
            "name": "ADV-2010-1054",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1054"
          },
          {
            "name": "65202",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/65202"
          },
          {
            "name": "HPSBGN02562",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          },
          {
            "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
          },
          {
            "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://clicky.me/tlsvuln"
          },
          {
            "name": "42811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42811"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-05-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
        },
        {
          "name": "1023427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081611"
        },
        {
          "name": "62210",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62210"
        },
        {
          "name": "37640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0167",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
        },
        {
          "name": "ADV-2010-2010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2010"
        },
        {
          "name": "FEDORA-2009-12750",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
        },
        {
          "name": "ADV-2010-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0086"
        },
        {
          "name": "ADV-2010-1673",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1673"
        },
        {
          "name": "[tls] 20091104 TLS renegotiation issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
        },
        {
          "name": "37656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37656"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "39628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "ADV-2009-3310",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3310"
        },
        {
          "name": "ADV-2009-3205",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingate.com/Relnote.php?ver=481"
        },
        {
          "name": "1023204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023204"
        },
        {
          "name": "40866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40866"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "name": "1023211",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023211"
        },
        {
          "name": "SSRT090249",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "1023212",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023212"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "39127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39127"
        },
        {
          "name": "40545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40545"
        },
        {
          "name": "ADV-2010-3069",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3069"
        },
        {
          "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata45.html#010_openssl"
        },
        {
          "name": "1023210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023210"
        },
        {
          "name": "1023270",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023270"
        },
        {
          "name": "40070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40070"
        },
        {
          "name": "1023273",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
        },
        {
          "name": "USN-927-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-5"
        },
        {
          "name": "PM12247",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "MDVSA-2010:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20091111.txt"
        },
        {
          "name": "1023275",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023275"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "name": "ADV-2009-3484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3484"
        },
        {
          "name": "1023207",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023207"
        },
        {
          "name": "37859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37859"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "1021752",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
        },
        {
          "name": "FEDORA-2010-6131",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
        },
        {
          "name": "ADV-2010-0848",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0848"
        },
        {
          "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
        },
        {
          "name": "39819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39819"
        },
        {
          "name": "IC68055",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=786"
        },
        {
          "name": "60521",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60521"
        },
        {
          "name": "[oss-security] 20091123 Re: CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
        },
        {
          "name": "VU#120541",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/120541"
        },
        {
          "name": "1023217",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023217"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2009-3353",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3353"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "39136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39136"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
        },
        {
          "name": "ADV-2011-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0032"
        },
        {
          "name": "1023148",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023148"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "36935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tombom.co.uk/blog/?p=85"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "1023218",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023218"
        },
        {
          "name": "ADV-2010-1350",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1350"
        },
        {
          "name": "RHSA-2010:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
        },
        {
          "name": "42379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42379"
        },
        {
          "name": "FEDORA-2009-12775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
        },
        {
          "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
        },
        {
          "name": "IC67848",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
        },
        {
          "name": "1023213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023213"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "ADV-2010-1793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1793"
        },
        {
          "name": "oval:org.mitre.oval:def:11617",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/?p=8"
        },
        {
          "name": "37292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37292"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "tls-renegotiation-weak-security(54158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
        },
        {
          "name": "APPLE-SA-2010-05-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
        },
        {
          "name": "39278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39278"
        },
        {
          "name": "1023205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023205"
        },
        {
          "name": "RHSA-2010:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
        },
        {
          "name": "HPSBUX02482",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1023215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023215"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "1023206",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023206"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "SSRT090180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "ADV-2009-3313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3313"
        },
        {
          "name": "274990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
        },
        {
          "name": "1023208",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023208"
        },
        {
          "name": "43308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43308"
        },
        {
          "name": "1023214",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023214"
        },
        {
          "name": "SUSE-SA:2009:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
        },
        {
          "name": "38781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38781"
        },
        {
          "name": "HPSBOV02762",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "HPSBMA02534",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "DSA-1934",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1934"
        },
        {
          "name": "FEDORA-2009-12782",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7478",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
        },
        {
          "name": "1023271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023271"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:7315",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
        },
        {
          "name": "1023224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023224"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "USN-927-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-4"
        },
        {
          "name": "41490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41490"
        },
        {
          "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
        },
        {
          "name": "1023243",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
        },
        {
          "name": "37504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37504"
        },
        {
          "name": "1023219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
        },
        {
          "name": "1023163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023163"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "ADV-2009-3521",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3521"
        },
        {
          "name": "oval:org.mitre.oval:def:7973",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
        },
        {
          "name": "HPSBMA02568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "name": "oval:org.mitre.oval:def:10088",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
        },
        {
          "name": "42808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42808"
        },
        {
          "name": "39500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39500"
        },
        {
          "name": "oval:org.mitre.oval:def:11578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
        },
        {
          "name": "ADV-2009-3220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3220"
        },
        {
          "name": "SSRT100179",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100089",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "name": "RHSA-2010:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
        },
        {
          "name": "1023411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023411"
        },
        {
          "name": "RHSA-2010:0339",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "ADV-2009-3164",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3164"
        },
        {
          "name": "37383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37383"
        },
        {
          "name": "FEDORA-2009-12229",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
        },
        {
          "name": "HPSBUX02524",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100070150"
        },
        {
          "name": "40747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40747"
        },
        {
          "name": "HPSBUX02498",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "39292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39292"
        },
        {
          "name": "42816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42816"
        },
        {
          "name": "IC68054",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
        },
        {
          "name": "273029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
        },
        {
          "name": "FEDORA-2009-12604",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4170"
        },
        {
          "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
        },
        {
          "name": "1023209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023209"
        },
        {
          "name": "PM00675",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "48577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48577"
        },
        {
          "name": "SSA:2009-320-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/unix/1060/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
        },
        {
          "name": "FEDORA-2009-12305",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX123359"
        },
        {
          "name": "37501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37501"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "ADV-2009-3587",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3587"
        },
        {
          "name": "39632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39632"
        },
        {
          "name": "SSRT090264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "38687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
        },
        {
          "name": "MS10-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
        },
        {
          "name": "ADV-2010-0982",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0982"
        },
        {
          "name": "SSRT100825",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "37399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37399"
        },
        {
          "name": "USN-927-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-1"
        },
        {
          "name": "1023272",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023272"
        },
        {
          "name": "FEDORA-2009-12606",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "37320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37320"
        },
        {
          "name": "ADV-2009-3165",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3165"
        },
        {
          "name": "ADV-2010-1639",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1639"
        },
        {
          "name": "38020",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38020"
        },
        {
          "name": "USN-923-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-923-1"
        },
        {
          "name": "39243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39243"
        },
        {
          "name": "oval:org.mitre.oval:def:8366",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
        },
        {
          "name": "37453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "SSRT100219",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "DSA-2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2141"
        },
        {
          "name": "1024789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024789"
        },
        {
          "name": "RHSA-2010:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
        },
        {
          "name": "ADV-2011-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0033"
        },
        {
          "name": "RHSA-2010:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
        },
        {
          "name": "1023216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023216"
        },
        {
          "name": "41480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41480"
        },
        {
          "name": "ADV-2011-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0086"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "37604",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/view/944/"
        },
        {
          "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "name": "TA10-287A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=780"
        },
        {
          "name": "RHSA-2010:0119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
        },
        {
          "name": "38056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38056"
        },
        {
          "name": "ADV-2010-0748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0748"
        },
        {
          "name": "37675",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37675"
        },
        {
          "name": "oval:org.mitre.oval:def:8535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
        },
        {
          "name": "HPSBMA02547",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
        },
        {
          "name": "38003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4171"
        },
        {
          "name": "1023428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023428"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "[oss-security] 20091120 CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
        },
        {
          "name": "ADV-2009-3354",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3354"
        },
        {
          "name": "1023274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023274"
        },
        {
          "name": "FEDORA-2009-12968",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
        },
        {
          "name": "39242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "GLSA-201203-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
        },
        {
          "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "name": "60972",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60972"
        },
        {
          "name": "1023426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023426"
        },
        {
          "name": "38484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38484"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.betanews.com/article/1257452450"
        },
        {
          "name": "1021653",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata46.html#004_openssl"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "ADV-2010-1191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1191"
        },
        {
          "name": "20091111 Re: SSL/TLS MiTM PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
        },
        {
          "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
        },
        {
          "name": "39713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39713"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-5942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "273350",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
        },
        {
          "name": "ADV-2010-0994",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0994"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        },
        {
          "name": "ADV-2010-1054",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1054"
        },
        {
          "name": "65202",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/65202"
        },
        {
          "name": "HPSBGN02562",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        },
        {
          "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
        },
        {
          "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://clicky.me/tlsvuln"
        },
        {
          "name": "42811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42811"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3555",
    "datePublished": "2009-11-09T17:00:00",
    "dateReserved": "2009-10-05T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0166
Vulnerability from cvelistv5
Published
2008-05-13 17:00
Modified
2024-08-07 07:39
Severity
Summary
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
References
URLTags
http://www.debian.org/security/2008/dsa-1576vendor-advisory
https://www.exploit-db.com/exploits/5622exploit
http://secunia.com/advisories/30221third-party-advisory
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-develmailing-list
http://www.debian.org/security/2008/dsa-1571vendor-advisory
http://www.securityfocus.com/bid/29179vdb-entry
http://www.securityfocus.com/archive/1/492112/100/0/threadedmailing-list
http://secunia.com/advisories/30239third-party-advisory
http://secunia.com/advisories/30220third-party-advisory
http://www.ubuntu.com/usn/usn-612-7vendor-advisory
http://secunia.com/advisories/30231third-party-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375vdb-entry
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30249third-party-advisory
http://www.securitytracker.com/id?1020017vdb-entry
https://www.exploit-db.com/exploits/5632exploit
http://www.ubuntu.com/usn/usn-612-4vendor-advisory
http://www.ubuntu.com/usn/usn-612-2vendor-advisory
http://www.us-cert.gov/cas/techalerts/TA08-137A.htmlthird-party-advisory
http://www.kb.cert.org/vuls/id/925211third-party-advisory
https://www.exploit-db.com/exploits/5720exploit
http://secunia.com/advisories/30136third-party-advisory
http://www.ubuntu.com/usn/usn-612-3vendor-advisory
http://www.ubuntu.com/usn/usn-612-1vendor-advisory
https://16years.secvuln.info
https://news.ycombinator.com/item?id=40333169
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:32.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1576",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1576"
          },
          {
            "name": "5622",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5622"
          },
          {
            "name": "30221",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30221"
          },
          {
            "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
          },
          {
            "name": "DSA-1571",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "29179",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29179"
          },
          {
            "name": "20080515 Debian generated SSH-Keys working exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
          },
          {
            "name": "30239",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30239"
          },
          {
            "name": "30220",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "name": "USN-612-7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-7"
          },
          {
            "name": "30231",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30231"
          },
          {
            "name": "openssl-rng-weak-security(42375)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
          },
          {
            "name": "30249",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30249"
          },
          {
            "name": "1020017",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020017"
          },
          {
            "name": "5632",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5632"
          },
          {
            "name": "USN-612-4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-4"
          },
          {
            "name": "USN-612-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-2"
          },
          {
            "name": "TA08-137A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
          },
          {
            "name": "VU#925211",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/925211"
          },
          {
            "name": "5720",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5720"
          },
          {
            "name": "30136",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30136"
          },
          {
            "name": "USN-612-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-3"
          },
          {
            "name": "USN-612-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://16years.secvuln.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40333169"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-12T20:03:03.670438",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1576",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1576"
        },
        {
          "name": "5622",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5622"
        },
        {
          "name": "30221",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30221"
        },
        {
          "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
          "tags": [
            "mailing-list"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
        },
        {
          "name": "DSA-1571",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1571"
        },
        {
          "name": "29179",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/29179"
        },
        {
          "name": "20080515 Debian generated SSH-Keys working exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
        },
        {
          "name": "30239",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30239"
        },
        {
          "name": "30220",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30220"
        },
        {
          "name": "USN-612-7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-7"
        },
        {
          "name": "30231",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30231"
        },
        {
          "name": "openssl-rng-weak-security(42375)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
        },
        {
          "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
        },
        {
          "name": "30249",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30249"
        },
        {
          "name": "1020017",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id?1020017"
        },
        {
          "name": "5632",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5632"
        },
        {
          "name": "USN-612-4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-4"
        },
        {
          "name": "USN-612-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-2"
        },
        {
          "name": "TA08-137A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
        },
        {
          "name": "VU#925211",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/925211"
        },
        {
          "name": "5720",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5720"
        },
        {
          "name": "30136",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30136"
        },
        {
          "name": "USN-612-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-3"
        },
        {
          "name": "USN-612-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-1"
        },
        {
          "url": "https://16years.secvuln.info"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40333169"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0166",
    "datePublished": "2008-05-13T17:00:00",
    "dateReserved": "2008-01-09T00:00:00",
    "dateUpdated": "2024-08-07T07:39:32.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0653
Vulnerability from cvelistv5
Published
2009-02-20 19:00
Modified
2024-09-16 18:29
Severity
Summary
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
References
URLTags
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdfx_refsource_MISC
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspikex_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-20T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf",
              "refsource": "MISC",
              "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf"
            },
            {
              "name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike",
              "refsource": "MISC",
              "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0653",
    "datePublished": "2009-02-20T19:00:00Z",
    "dateReserved": "2009-02-20T00:00:00Z",
    "dateUpdated": "2024-09-16T18:29:32.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0205
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 04:03
Severity
Summary
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
References
URLTags
https://exchange.xforce.ibmcloud.com/vulnerabilities/99708vdb-entry, x_refsource_XF
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/71941vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/91787vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.459Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openssl-cve20150205-sec-bypass(99708)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "71941",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71941"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "FEDORA-2015-0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "name": "FEDORA-2015-0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openssl-cve20150205-sec-bypass(99708)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "71941",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71941"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "FEDORA-2015-0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "name": "FEDORA-2015-0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openssl-cve20150205-sec-bypass(99708)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "71941",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71941"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "FEDORA-2015-0601",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "FEDORA-2015-0512",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0205",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3513
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 10:43
Severity
Summary
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
References
URLTags
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.ascx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142804214608580&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20141015.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1031052vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/62070third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61073third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2385-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-3053vendor-advisory, x_refsource_DEBIAN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143290583027876&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT205217x_refsource_CONFIRM
http://www.securityfocus.com/bid/70584vdb-entry, x_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10091x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascvendor-advisory, x_refsource_NETBSD
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328dx_refsource_CONFIRM
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.htmlx_refsource_CONFIRM
http://secunia.com/advisories/61837third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61207third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1652.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59627third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61298third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142834685803386&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61990third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0416.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61058third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61439third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1692.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
          },
          {
            "name": "HPSBHF03300",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2014:1331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20141015.txt"
          },
          {
            "name": "1031052",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031052"
          },
          {
            "name": "62070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62070"
          },
          {
            "name": "61073",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61073"
          },
          {
            "name": "USN-2385-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2385-1"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "DSA-3053",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "HPSBMU03223",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
          },
          {
            "name": "SSRT101868",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205217"
          },
          {
            "name": "70584",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70584"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "APPLE-SA-2015-09-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
          },
          {
            "name": "SUSE-SU-2014:1357",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
          },
          {
            "name": "NetBSD-SA2014-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html"
          },
          {
            "name": "61837",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61837"
          },
          {
            "name": "61207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61207"
          },
          {
            "name": "RHSA-2014:1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
          },
          {
            "name": "59627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59627"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "61298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61298"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "HPSBMU03296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
          },
          {
            "name": "61990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61990"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "name": "61058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61058"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "HPSBGN03233",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "SSRT101739",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "61439",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61439"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "name": "RHSA-2014:1692",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
        },
        {
          "name": "HPSBHF03300",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2014:1331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20141015.txt"
        },
        {
          "name": "1031052",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031052"
        },
        {
          "name": "62070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62070"
        },
        {
          "name": "61073",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61073"
        },
        {
          "name": "USN-2385-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2385-1"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "DSA-3053",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "HPSBMU03223",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
        },
        {
          "name": "SSRT101868",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205217"
        },
        {
          "name": "70584",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70584"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "APPLE-SA-2015-09-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
        },
        {
          "name": "SUSE-SU-2014:1357",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
        },
        {
          "name": "NetBSD-SA2014-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html"
        },
        {
          "name": "61837",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61837"
        },
        {
          "name": "61207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61207"
        },
        {
          "name": "RHSA-2014:1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
        },
        {
          "name": "59627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59627"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "61298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61298"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "HPSBMU03296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
        },
        {
          "name": "61990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61990"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "name": "61058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61058"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "HPSBGN03233",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "SSRT101739",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "61439",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61439"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "name": "RHSA-2014:1692",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
            },
            {
              "name": "HPSBHF03300",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:1331",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20141015.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20141015.txt"
            },
            {
              "name": "1031052",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031052"
            },
            {
              "name": "62070",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62070"
            },
            {
              "name": "61073",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61073"
            },
            {
              "name": "USN-2385-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2385-1"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "DSA-3053",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3053"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "HPSBMU03223",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
            },
            {
              "name": "SSRT101868",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT205217",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205217"
            },
            {
              "name": "70584",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70584"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "APPLE-SA-2015-09-16-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
            },
            {
              "name": "SUSE-SU-2014:1357",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
            },
            {
              "name": "NetBSD-SA2014-015",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d"
            },
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html"
            },
            {
              "name": "61837",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61837"
            },
            {
              "name": "61207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61207"
            },
            {
              "name": "RHSA-2014:1652",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
            },
            {
              "name": "59627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59627"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "61298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61298"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "HPSBMU03296",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
            },
            {
              "name": "61990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61990"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0416.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "61058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61058"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "HPSBGN03233",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "SSRT101739",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "61439",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61439"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            },
            {
              "name": "RHSA-2014:1692",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3513",
    "datePublished": "2014-10-19T01:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2939
Vulnerability from cvelistv5
Published
2010-08-17 17:31
Modified
2024-08-07 02:55
Severity
Summary
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
References
URLTags
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793vendor-advisory, x_refsource_SLACKWARE
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.htmlmailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=130331363227777&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42413third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/40906third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2010/dsa-2100vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2010/08/11/6mailing-list, x_refsource_MLIST
http://seclists.org/fulldisclosure/2010/Aug/84mailing-list, x_refsource_FULLDISC
http://www.vupen.com/english/advisories/2010/2229vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/2038vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1024296vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1003-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=130331363227777&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42309third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3077vdb-entry, x_refsource_VUPEN
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/43312third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.htmlvendor-advisory, x_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.htmlmailing-list, x_refsource_MLIST
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.htmlmailing-list, x_refsource_MLIST
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/41105third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:45.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2010-326-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
          },
          {
            "name": "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
          },
          {
            "name": "HPSBMA02662",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
          },
          {
            "name": "42413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42413"
          },
          {
            "name": "40906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40906"
          },
          {
            "name": "DSA-2100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2100"
          },
          {
            "name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
          },
          {
            "name": "20100807 openssl-1.0.0a",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
          },
          {
            "name": "ADV-2010-2229",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2229"
          },
          {
            "name": "ADV-2010-2038",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2038"
          },
          {
            "name": "1024296",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024296"
          },
          {
            "name": "USN-1003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1003-1"
          },
          {
            "name": "SSRT100409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
          },
          {
            "name": "42309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42309"
          },
          {
            "name": "ADV-2010-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3077"
          },
          {
            "name": "FreeBSD-SA-10:10",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
          },
          {
            "name": "43312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43312"
          },
          {
            "name": "SUSE-SR:2010:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
          },
          {
            "name": "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41105"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2010-326-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
        },
        {
          "name": "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
        },
        {
          "name": "HPSBMA02662",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
        },
        {
          "name": "42413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42413"
        },
        {
          "name": "40906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40906"
        },
        {
          "name": "DSA-2100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2100"
        },
        {
          "name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
        },
        {
          "name": "20100807 openssl-1.0.0a",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
        },
        {
          "name": "ADV-2010-2229",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2229"
        },
        {
          "name": "ADV-2010-2038",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2038"
        },
        {
          "name": "1024296",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024296"
        },
        {
          "name": "USN-1003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1003-1"
        },
        {
          "name": "SSRT100409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
        },
        {
          "name": "42309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42309"
        },
        {
          "name": "ADV-2010-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3077"
        },
        {
          "name": "FreeBSD-SA-10:10",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
        },
        {
          "name": "43312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43312"
        },
        {
          "name": "SUSE-SR:2010:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
        },
        {
          "name": "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41105"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2939",
    "datePublished": "2010-08-17T17:31:00",
    "dateReserved": "2010-08-04T00:00:00",
    "dateUpdated": "2024-08-07T02:55:45.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7054
Vulnerability from cvelistv5
Published
2016-11-10 00:00
Modified
2024-08-06 01:50
Severity
Summary
ChaCha20/Poly1305 heap-buffer-overflow
References
URLTags
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_usx_refsource_CONFIRM
http://www.securityfocus.com/bid/94238vdb-entry, x_refsource_BID
https://www.openssl.org/news/secadv/20161110.txtx_refsource_CONFIRM
https://www.exploit-db.com/exploits/40899/exploit, x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1037261vdb-entry, x_refsource_SECTRACK
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
          },
          {
            "name": "94238",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20161110.txt"
          },
          {
            "name": "40899",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40899/"
          },
          {
            "name": "1037261",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037261"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robert \u015awi\u0119cki (Google Security Team)"
        }
      ],
      "datePublic": "2016-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "protocol error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
        },
        {
          "name": "94238",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20161110.txt"
        },
        {
          "name": "40899",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40899/"
        },
        {
          "name": "1037261",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037261"
        }
      ],
      "title": "ChaCha20/Poly1305 heap-buffer-overflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2016-11-10",
          "ID": "CVE-2016-7054",
          "STATE": "PUBLIC",
          "TITLE": "ChaCha20/Poly1305 heap-buffer-overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robert \u015awi\u0119cki (Google Security Team)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#High",
            "value": "High"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "protocol error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
            },
            {
              "name": "94238",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94238"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20161110.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20161110.txt"
            },
            {
              "name": "40899",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40899/"
            },
            {
              "name": "1037261",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037261"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2016-7054",
    "datePublished": "2016-11-10T00:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-2975
Vulnerability from cvelistv5
Published
2023-07-14 11:16
Modified
2024-08-02 06:41
Severity
Summary
AES-SIV implementation ignores empty associated data entries
References
URLTags
https://www.openssl.org/news/secadv/20230714.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdcpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598patch
http://www.openwall.com/lists/oss-security/2023/07/15/1
http://www.openwall.com/lists/oss-security/2023/07/19/5
https://security.netapp.com/advisory/ntap-20230725-0004/
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:04.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230714.txt"
          },
          {
            "name": "3.1.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc"
          },
          {
            "name": "3.0.10 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/15/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230725-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.10",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Juerg Wullschleger (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2023-07-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\u003cbr\u003eit to ignore empty associated data entries which are unauthenticated as\u003cbr\u003ea consequence.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the AES-SIV algorithm and want to\u003cbr\u003eauthenticate empty data entries as associated data can be mislead by removing\u003cbr\u003eadding or reordering such empty entries as these are ignored by the OpenSSL\u003cbr\u003eimplementation. We are currently unaware of any such applications.\u003cbr\u003e\u003cbr\u003eThe AES-SIV algorithm allows for authentication of multiple associated\u003cbr\u003edata entries along with the encryption. To authenticate empty data the\u003cbr\u003eapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\u003cbr\u003eNULL pointer as the output buffer and 0 as the input buffer length.\u003cbr\u003eThe AES-SIV implementation in OpenSSL just returns success for such a call\u003cbr\u003einstead of performing the associated data authentication operation.\u003cbr\u003eThe empty data thus will not be authenticated.\u003cbr\u003e\u003cbr\u003eAs this issue does not affect non-empty associated data authentication and\u003cbr\u003ewe expect it to be rare for an application to use empty associated data\u003cbr\u003eentries this is qualified as Low severity issue."
            }
          ],
          "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be mislead by removing\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-14T11:16:25.151Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230714.txt"
        },
        {
          "name": "3.1.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc"
        },
        {
          "name": "3.0.10 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/15/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230725-0004/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "AES-SIV implementation ignores empty associated data entries",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-2975",
    "datePublished": "2023-07-14T11:16:25.151Z",
    "dateReserved": "2023-05-30T10:29:34.539Z",
    "dateUpdated": "2024-08-02T06:41:04.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-2650
Vulnerability from cvelistv5
Published
2023-05-30 13:40
Modified
2024-08-02 06:26
Severity
Summary
Possible DoS translating ASN.1 object identifiers
References
URLTags
https://www.openssl.org/news/secadv/20230530.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544apatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936bpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422cpatch
http://www.openwall.com/lists/oss-security/2023/05/30/1
https://www.debian.org/security/2023/dsa-5417
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
https://security.netapp.com/advisory/ntap-20230703-0001/
https://security.netapp.com/advisory/ntap-20231027-0009/
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230530.txt"
          },
          {
            "name": "3.1.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a"
          },
          {
            "name": "3.0.9 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b"
          },
          {
            "name": "1.1.1u git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098"
          },
          {
            "name": "1.0.2zh patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/05/30/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1.1",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1u",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zh",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "OSSFuzz"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Richard Levitte"
        }
      ],
      "datePublic": "2023-05-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\u003cbr\u003edata containing them may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\u003cbr\u003ethe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\u003cbr\u003esize limit may experience notable to very long delays when processing those\u003cbr\u003emessages, which may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\u003cbr\u003emost of which have no size limit.  OBJ_obj2txt() may be used to translate\u003cbr\u003ean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\u003cbr\u003etype ASN1_OBJECT) to its canonical numeric text form, which are the\u003cbr\u003esub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\u003cbr\u003eperiods.\u003cbr\u003e\u003cbr\u003eWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\u003cbr\u003e(these are sizes that are seen as absurdly large, taking up tens or hundreds\u003cbr\u003eof KiBs), the translation to a decimal number in text may take a very long\u003cbr\u003etime.  The time complexity is O(n^2) with \u0027n\u0027 being the size of the\u003cbr\u003esub-identifiers in bytes (*).\u003cbr\u003e\u003cbr\u003eWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\u003cbr\u003eidentifiers in string form was introduced.  This includes using OBJECT\u003cbr\u003eIDENTIFIERs in canonical numeric text form as identifiers for fetching\u003cbr\u003ealgorithms.\u003cbr\u003e\u003cbr\u003eSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\u003cbr\u003eAlgorithmIdentifier, which is commonly used in multiple protocols to specify\u003cbr\u003ewhat cryptographic algorithm should be used to sign or verify, encrypt or\u003cbr\u003edecrypt, or digest passed data.\u003cbr\u003e\u003cbr\u003eApplications that call OBJ_obj2txt() directly with untrusted data are\u003cbr\u003eaffected, with any version of OpenSSL.  If the use is for the mere purpose\u003cbr\u003eof display, the severity is considered low.\u003cbr\u003e\u003cbr\u003eIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\u003cbr\u003eCMS, CMP/CRMF or TS.  It also impacts anything that processes X.509\u003cbr\u003ecertificates, including simple things like verifying its signature.\u003cbr\u003e\u003cbr\u003eThe impact on TLS is relatively low, because all versions of OpenSSL have a\u003cbr\u003e100KiB limit on the peer\u0027s certificate chain.  Additionally, this only\u003cbr\u003eimpacts clients, or servers that have explicitly enabled client\u003cbr\u003eauthentication.\u003cbr\u003e\u003cbr\u003eIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\u003cbr\u003esuch as X.509 certificates.  This is assumed to not happen in such a way\u003cbr\u003ethat it would cause a Denial of Service, so these versions are considered\u003cbr\u003enot affected by this issue in such a way that it would be cause for concern,\u003cbr\u003eand the severity is therefore considered low."
            }
          ],
          "value": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit.  OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime.  The time complexity is O(n^2) with \u0027n\u0027 being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced.  This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL.  If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS.  It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer\u0027s certificate chain.  Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates.  This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/general/security-policy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "inefficient algorithmic complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T13:40:11.963Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230530.txt"
        },
        {
          "name": "3.1.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a"
        },
        {
          "name": "3.0.9 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b"
        },
        {
          "name": "1.1.1u git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098"
        },
        {
          "name": "1.0.2zh patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/05/30/1"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0001/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0009/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible DoS translating ASN.1 object identifiers",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-2650",
    "datePublished": "2023-05-30T13:40:11.963Z",
    "dateReserved": "2023-05-11T06:09:26.543Z",
    "dateUpdated": "2024-08-02T06:26:09.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2178
Vulnerability from cvelistv5
Published
2016-06-20 00:00
Modified
2024-08-05 23:17
Severity
Summary
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
References
URLTags
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2017-1659.htmlvendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/09/8mailing-list
https://access.redhat.com/errata/RHSA-2017:1658vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/91081vdb-entry
https://access.redhat.com/errata/RHSA-2017:0194vendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/08/2mailing-list
https://access.redhat.com/errata/RHSA-2017:0193vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1343400
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
http://www.securitytracker.com/id/1036054vdb-entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://eprint.iacr.org/2016/594.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-opensslvendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/08/8mailing-list
http://www.openwall.com/lists/oss-security/2016/06/08/4mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/08/6mailing-list
https://support.f5.com/csp/article/K53084033
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
http://www.openwall.com/lists/oss-security/2016/06/08/10mailing-list
http://www.openwall.com/lists/oss-security/2016/06/08/11mailing-list
http://www.openwall.com/lists/oss-security/2016/06/08/5mailing-list
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/08/12mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlvendor-advisory
http://www.openwall.com/lists/oss-security/2016/06/08/7mailing-list
http://www.openwall.com/lists/oss-security/2016/06/09/2mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "91081",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91081"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "name": "1036054",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036054"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2016/594.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K53084033"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
          },
          {
            "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "91081",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91081"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "name": "1036054",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036054"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "http://eprint.iacr.org/2016/594.pdf"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
        },
        {
          "url": "https://support.f5.com/csp/article/K53084033"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
        },
        {
          "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2178",
    "datePublished": "2016-06-20T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3196
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 05:39
Severity
Summary
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
References
URLTags
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
http://rhn.redhat.com/errata/RHSA-2015-2617.htmlvendor-advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583vendor-advisory
http://www.securityfocus.com/bid/78622vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://marc.info/?l=bugtraq&m=145382583417444&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2830-1vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://openssl.org/news/secadv/20151203.txt
http://www.securitytracker.com/id/1034294vdb-entry
http://fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://www.debian.org/security/2015/dsa-3413vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "name": "78622",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78622"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "name": "78622",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78622"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3196",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3210
Vulnerability from cvelistv5
Published
2011-09-22 10:00
Modified
2024-08-06 23:29
Severity
Summary
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
References
URLTags
http://marc.info/?l=bugtraq&m=133226187115472&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133226187115472&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137vendor-advisory, x_refsource_MANDRIVA
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.securitytracker.com/id?1026012vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://openssl.org/news/secadv_20110906.txtx_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=21337x_refsource_CONFIRM
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=736079x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBMU02752",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "SSRT100802",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "MDVSA-2011:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "1026012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026012"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20110906.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=21337"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736079"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-18T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBMU02752",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "name": "SSRT100802",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "MDVSA-2011:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "1026012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026012"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20110906.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=21337"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736079"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3210",
    "datePublished": "2011-09-22T10:00:00",
    "dateReserved": "2011-08-19T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3738
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:39
Severity
Summary
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
References
URLTags
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22212third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4750vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1016943vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23038third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0054vendor-advisory, x_refsource_TRUSTIX
http://www.debian.org/security/2006/dsa-1195vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23309third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4401vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/usn-353-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227x_refsource_CONFIRM
http://secunia.com/advisories/22116third-party-advisory, x_refsource_SECUNIA
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlvendor-advisory, x_refsource_GENTOO
http://www.kb.cert.org/vuls/id/547300third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/22166third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0695.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23340third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4314vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22385third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_24_sr.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22758third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22487third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_58_openssl.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22772third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22165third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/23794third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22220third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.htmlx_refsource_CONFIRM
http://secunia.com/advisories/25889third-party-advisory, x_refsource_SECUNIA
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4036vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata.html#openssl2vendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/30124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22626third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22083vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178vendor-advisory, x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2006/3869vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22544third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22298third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22130third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22284third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24930third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200610-11.xmlvendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256vdb-entry, signature, x_refsource_OVAL
http://issues.rpath.com/browse/RPL-613x_refsource_CONFIRM
http://secunia.com/advisories/26329third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260third-party-advisory, x_refsource_SECUNIA
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3860vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23280third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/447318/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4264vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22193third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/29262vdb-entry, x_refsource_OSVDB
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23155third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2006/4417vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.serv-u.com/releasenotes/x_refsource_CONFIRM
http://www.securityfocus.com/bid/20249vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/4443vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30161third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlx_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22094third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22186third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22633third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060928.txtx_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-11.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/2315vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22500third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/22216third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3820vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlvendor-advisory, x_refsource_OPENPKG
http://secunia.com/advisories/22654third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1401vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1vendor-advisory, x_refsource_SUNALERT
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/456546/100/200/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447393/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/3936vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22240third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22330third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlx_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1185vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/22207third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1017522vdb-entry, x_refsource_SECTRACK
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlvendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2006/3902vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/470460/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22791third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22172third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1vendor-advisory, x_refsource_SUNALERT
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/24950third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1vendor-advisory, x_refsource_SUNALERT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:39:54.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:172",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
          },
          {
            "name": "22212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "name": "ADV-2006-4750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "HPSBMA02250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "1016943",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "name": "23038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "name": "2006-0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "name": "DSA-1195",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "name": "23309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "ADV-2006-4401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "name": "USN-353-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "name": "22116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "name": "SSRT071304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
          },
          {
            "name": "GLSA-200612-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "name": "VU#547300",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "name": "22166",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "name": "RHSA-2006:0695",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "ADV-2006-4314",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "name": "22385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "name": "SUSE-SR:2006:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "name": "22758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "name": "22487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "SUSE-SA:2006:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "name": "22772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "22165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "22220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "name": "25889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=498093\u0026RenditionID=\u0026poid=8881"
          },
          {
            "name": "ADV-2006-4036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "22626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "MDKSA-2006:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
          },
          {
            "name": "oval:org.mitre.oval:def:9370",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370"
          },
          {
            "name": "ADV-2006-3869",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "name": "22544",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "name": "22298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "22284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "name": "24930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "GLSA-200610-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:4256",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.rpath.com/browse/RPL-613"
          },
          {
            "name": "26329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "name": "22260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
          },
          {
            "name": "openssl-sslgetsharedciphers-bo(29237)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "name": "ADV-2006-3860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "name": "23280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "name": "SSRT061213",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
          },
          {
            "name": "ADV-2006-4264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "name": "22193",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "name": "29262",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "name": "23155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "name": "22799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "name": "SSA:2006-272-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "name": "ADV-2006-4417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "name": "20249",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "name": "ADV-2006-4443",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "name": "22094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "name": "22186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "name": "22633",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "name": "ADV-2007-2315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "name": "22500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "name": "APPLE-SA-2006-11-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
          },
          {
            "name": "TA06-333A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
          },
          {
            "name": "22216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "name": "ADV-2006-3820",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "name": "HPSBUX02174",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "OpenPKG-SA-2006.021",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
          },
          {
            "name": "22654",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "name": "ADV-2007-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "name": "102711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "name": "SSRT061275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "20070110 VMware ESX server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "name": "ADV-2006-3936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "name": "22240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "name": "22330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "HPSBTU02207",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "DSA-1185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "name": "20061001-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "name": "22207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "name": "MDKSA-2006:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "name": "ADV-2006-3902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "name": "ADV-2007-2783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "name": "20070602 Recent OpenSSL exploits",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "name": "22259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "name": "22460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "name": "22791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "name": "22172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "FreeBSD-SA-06:23",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
          },
          {
            "name": "102668",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "name": "24950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "name": "201531",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDKSA-2006:172",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
        },
        {
          "name": "22212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22212"
        },
        {
          "name": "ADV-2006-4750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "HPSBMA02250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "1016943",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016943"
        },
        {
          "name": "23038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23038"
        },
        {
          "name": "2006-0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0054"
        },
        {
          "name": "DSA-1195",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1195"
        },
        {
          "name": "23309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "ADV-2006-4401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4401"
        },
        {
          "name": "USN-353-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-353-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
        },
        {
          "name": "22116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22116"
        },
        {
          "name": "SSRT071304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
        },
        {
          "name": "GLSA-200612-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
        },
        {
          "name": "VU#547300",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/547300"
        },
        {
          "name": "22166",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22166"
        },
        {
          "name": "RHSA-2006:0695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "ADV-2006-4314",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4314"
        },
        {
          "name": "22385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22385"
        },
        {
          "name": "SUSE-SR:2006:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
        },
        {
          "name": "22758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22758"
        },
        {
          "name": "22487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22487"
        },
        {
          "name": "SUSE-SA:2006:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
        },
        {
          "name": "22772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22772"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "22165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304829"
        },
        {
          "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "22220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22220"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openvpn.net/changelog.html"
        },
        {
          "name": "25889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25889"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=498093\u0026RenditionID=\u0026poid=8881"
        },
        {
          "name": "ADV-2006-4036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4036"
        },
        {
          "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata.html#openssl2"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "name": "22626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22626"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "MDKSA-2006:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
        },
        {
          "name": "oval:org.mitre.oval:def:9370",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370"
        },
        {
          "name": "ADV-2006-3869",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3869"
        },
        {
          "name": "22544",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22544"
        },
        {
          "name": "22298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22298"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "22284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22284"
        },
        {
          "name": "24930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24930"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "GLSA-200610-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:4256",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.rpath.com/browse/RPL-613"
        },
        {
          "name": "26329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26329"
        },
        {
          "name": "22260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
        },
        {
          "name": "openssl-sslgetsharedciphers-bo(29237)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "name": "ADV-2006-3860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3860"
        },
        {
          "name": "23280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23280"
        },
        {
          "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
        },
        {
          "name": "SSRT061213",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
        },
        {
          "name": "ADV-2006-4264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4264"
        },
        {
          "name": "22193",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22193"
        },
        {
          "name": "29262",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
        },
        {
          "name": "23155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23155"
        },
        {
          "name": "22799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22799"
        },
        {
          "name": "SSA:2006-272-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
        },
        {
          "name": "ADV-2006-4417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4417"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "name": "20249",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20249"
        },
        {
          "name": "ADV-2006-4443",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4443"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "name": "22094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22094"
        },
        {
          "name": "22186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22186"
        },
        {
          "name": "22633",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22633"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20060928.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
        },
        {
          "name": "ADV-2007-2315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2315"
        },
        {
          "name": "22500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22500"
        },
        {
          "name": "APPLE-SA-2006-11-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
        },
        {
          "name": "TA06-333A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
        },
        {
          "name": "22216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22216"
        },
        {
          "name": "ADV-2006-3820",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3820"
        },
        {
          "name": "HPSBUX02174",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "OpenPKG-SA-2006.021",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
        },
        {
          "name": "22654",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22654"
        },
        {
          "name": "ADV-2007-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1401"
        },
        {
          "name": "102711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "name": "SSRT061275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "20070110 VMware ESX server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
        },
        {
          "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
        },
        {
          "name": "ADV-2006-3936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3936"
        },
        {
          "name": "22240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22240"
        },
        {
          "name": "22330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "HPSBTU02207",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "DSA-1185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1185"
        },
        {
          "name": "20061001-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
        },
        {
          "name": "22207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22207"
        },
        {
          "name": "MDKSA-2006:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
        },
        {
          "name": "ADV-2006-3902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3902"
        },
        {
          "name": "ADV-2007-2783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2783"
        },
        {
          "name": "20070602 Recent OpenSSL exploits",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
        },
        {
          "name": "22259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22259"
        },
        {
          "name": "22460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22460"
        },
        {
          "name": "22791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22791"
        },
        {
          "name": "22172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "FreeBSD-SA-06:23",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
        },
        {
          "name": "102668",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
        },
        {
          "name": "24950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24950"
        },
        {
          "name": "201531",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3738",
    "datePublished": "2006-09-28T18:00:00",
    "dateReserved": "2006-07-20T00:00:00",
    "dateUpdated": "2024-08-07T18:39:54.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6303
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-06 01:29
Severity
Summary
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
URLTags
https://www.tenable.com/security/tns-2016-20
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securitytracker.com/id/1036885vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/92984vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://bugzilla.redhat.com/show_bug.cgi?id=1370146
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "92984",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "92984",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92984"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6303",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7053
Vulnerability from cvelistv5
Published
2016-11-10 00:00
Modified
2024-08-06 01:50
Severity
Summary
CMS Null dereference
References
URLTags
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_usx_refsource_CONFIRM
http://www.securityfocus.com/bid/94244vdb-entry, x_refsource_BID
https://www.openssl.org/news/secadv/20161110.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1037261vdb-entry, x_refsource_SECTRACK
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
          },
          {
            "name": "94244",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94244"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20161110.txt"
          },
          {
            "name": "1037261",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037261"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tyler Nighswander (ForAllSecure)"
        }
      ],
      "datePublic": "2016-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer deference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
        },
        {
          "name": "94244",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94244"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20161110.txt"
        },
        {
          "name": "1037261",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037261"
        }
      ],
      "title": "CMS Null dereference",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2016-11-10",
          "ID": "CVE-2016-7053",
          "STATE": "PUBLIC",
          "TITLE": "CMS Null dereference"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tyler Nighswander (ForAllSecure)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL pointer deference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
            },
            {
              "name": "94244",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94244"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20161110.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20161110.txt"
            },
            {
              "name": "1037261",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037261"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2016-7053",
    "datePublished": "2016-11-10T00:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1473
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-08-06 22:28
Severity
Summary
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
URLTags
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.htmlx_refsource_MISC
http://www.ietf.org/mail-archive/web/tls/current/msg07567.htmlmailing-list, x_refsource_MLIST
http://www.ietf.org/mail-archive/web/tls/current/msg07577.htmlmailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=707065x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.htmlmailing-list, x_refsource_BUGTRAQ
http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.htmlx_refsource_MISC
http://www.openwall.com/lists/oss-security/2011/07/08/2mailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://www.ietf.org/mail-archive/web/tls/current/msg07576.htmlmailing-list, x_refsource_MLIST
http://orchilles.com/2011/03/ssl-renegotiation-dos.htmlx_refsource_MISC
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://www.ietf.org/mail-archive/web/tls/current/msg07553.htmlmailing-list, x_refsource_MLIST
http://www.ietf.org/mail-archive/web/tls/current/msg07564.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
          },
          {
            "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
          },
          {
            "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110315 SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
          },
          {
            "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-20T15:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
        },
        {
          "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
        },
        {
          "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
        },
        {
          "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
        },
        {
          "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "[tls] 20110315 SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
        },
        {
          "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
        },
        {
          "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
              "refsource": "MISC",
              "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
            },
            {
              "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
            },
            {
              "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
            },
            {
              "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
            },
            {
              "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
              "refsource": "MISC",
              "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
            },
            {
              "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
            },
            {
              "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
              "refsource": "MISC",
              "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "[tls] 20110315 SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
            },
            {
              "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
            },
            {
              "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1473",
    "datePublished": "2012-06-16T21:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1292
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-02 23:55
Severity
Summary
The c_rehash script allows command injection
References
URLTags
https://www.openssl.org/news/secadv/20220503.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
https://lists.debian.org/debian-lts-announce/2022/05/msg00019.htmlmailing-list
https://www.debian.org/security/2022/dsa-5139vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/vendor-advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://security.netapp.com/advisory/ntap-20220602-0009/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011
https://security.netapp.com/advisory/ntap-20220729-0004/
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
          },
          {
            "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
          },
          {
            "name": "DSA-5139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5139"
          },
          {
            "name": "FEDORA-2022-b651cb69e6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
          },
          {
            "name": "FEDORA-2022-c9c02865f6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Elison Niven (Sophos)"
        }
      ],
      "datePublic": "2022-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220503.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"
        },
        {
          "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"
        },
        {
          "name": "DSA-5139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5139"
        },
        {
          "name": "FEDORA-2022-b651cb69e6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"
        },
        {
          "name": "FEDORA-2022-c9c02865f6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
        }
      ],
      "title": "The c_rehash script allows command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-1292",
    "datePublished": "2022-05-03T00:00:00",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2937
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Severity
Summary
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
References
URLTags
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22212third-party-advisory, x_refsource_SECUNIA
http://support.attachmate.com/techdocs/2374.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4750vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1vendor-advisory, x_refsource_SUNALERT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1016943vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23038third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0054vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/23309third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4401vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/usn-353-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227x_refsource_CONFIRM
http://secunia.com/advisories/22116third-party-advisory, x_refsource_SECUNIA
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22166third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0695.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22385third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_24_sr.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22758third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22487third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_58_openssl.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22772third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://secunia.com/advisories/31531third-party-advisory, x_refsource_SECUNIA
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdfx_refsource_CONFIRM
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/22165third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlmailing-list, x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22220third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.htmlx_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.htmlx_refsource_CONFIRM
http://secunia.com/advisories/25889third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/4036vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4019vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata.html#openssl2vendor-advisory, x_refsource_OPENBSD
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/30124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22626third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/23351third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3869vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22671third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/20248vdb-entry, x_refsource_BID
http://secunia.com/advisories/22544third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22298third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22130third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4329vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22284third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24930third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4327vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200610-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/23131third-party-advisory, x_refsource_SECUNIA
http://issues.rpath.com/browse/RPL-613x_refsource_CONFIRM
http://secunia.com/advisories/26329third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260third-party-advisory, x_refsource_SECUNIA
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3860vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23280third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/447318/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmx_refsource_CONFIRM
http://www.f-secure.com/security/fsc-2006-6.shtmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4264vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22193third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2396vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4761vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23155third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1vendor-advisory, x_refsource_SUNALERT
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2006/4417vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.serv-u.com/releasenotes/x_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
http://www.osvdb.org/29260vdb-entry, x_refsource_OSVDB
http://marc.info/?l=bind-announce&m=116253119512445&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/22094third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22186third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060928.txtx_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-11.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/2315vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/archive/1/489739/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22216third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3820vdb-entry, x_refsource_VUPEN
http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlmailing-list, x_refsource_MLIST
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560vdb-entry, signature, x_refsource_OVAL
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlvendor-advisory, x_refsource_OPENPKG
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1vendor-advisory, x_refsource_SUNALERT
http://www.kb.cert.org/vuls/id/247744third-party-advisory, x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2008/0905/referencesvdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1401vdb-entry, x_refsource_VUPEN
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/456546/100/200/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447393/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/3936vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4980vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22240third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22330third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlx_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1185vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascvendor-advisory, x_refsource_SGI
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdfx_refsource_CONFIRM
http://secunia.com/advisories/22207third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177vendor-advisory, x_refsource_MANDRIVA
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlvendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2006/3902vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22172third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/28276vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1vendor-advisory, x_refsource_SUNALERT
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/24950third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:27.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:172",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
          },
          {
            "name": "22212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "name": "ADV-2006-4750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "201534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "name": "HPSBMA02250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "1016943",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "name": "23038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "name": "2006-0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "name": "23309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "ADV-2006-4401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "name": "USN-353-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "name": "22116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "name": "SSRT071304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
          },
          {
            "name": "GLSA-200612-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "name": "22166",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "name": "RHSA-2006:0695",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "22385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "name": "SUSE-SR:2006:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "name": "22758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "name": "22487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "SUSE-SA:2006:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "name": "22772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "31531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf"
          },
          {
            "name": "FreeBSD-SA-06:23.openssl",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
          },
          {
            "name": "22165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "22220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "name": "25889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "name": "openssl-asn1-error-dos(29228)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "name": "ADV-2006-4036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "name": "ADV-2006-4019",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "22626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "name": "MDKSA-2006:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
          },
          {
            "name": "23351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "name": "ADV-2006-3869",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "name": "22671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "name": "20248",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "name": "22544",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "name": "22298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "ADV-2006-4329",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "name": "22284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "name": "24930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "name": "ADV-2006-4327",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "GLSA-200610-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "name": "23131",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.rpath.com/browse/RPL-613"
          },
          {
            "name": "26329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "name": "22260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "name": "ADV-2006-3860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "name": "23280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "name": "SSRT061213",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "name": "ADV-2006-4264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "22193",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "name": "ADV-2008-2396",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "name": "ADV-2006-4761",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "name": "23155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "name": "22799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "name": "200585",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "name": "SSA:2006-272-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "name": "ADV-2006-4417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "name": "29260",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29260"
          },
          {
            "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "name": "22094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "name": "22186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "name": "ADV-2007-2315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "name": "APPLE-SA-2006-11-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
          },
          {
            "name": "TA06-333A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
          },
          {
            "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "name": "22216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "name": "ADV-2006-3820",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "name": "HPSBUX02174",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "oval:org.mitre.oval:def:10560",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560"
          },
          {
            "name": "OpenPKG-SA-2006.021",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "102747",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "name": "VU#247744",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "name": "ADV-2008-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "name": "ADV-2007-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
          },
          {
            "name": "SSRT061275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "20070110 VMware ESX server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "name": "ADV-2006-3936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "name": "ADV-2006-4980",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "name": "22240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "name": "22330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "HPSBTU02207",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "DSA-1185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "name": "20061001-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf"
          },
          {
            "name": "22207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "name": "MDKSA-2006:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "name": "ADV-2006-3902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "name": "ADV-2007-2783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "name": "22259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "name": "22460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "name": "22172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "28276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "name": "102668",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "name": "24950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDKSA-2006:172",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
        },
        {
          "name": "22212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22212"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2374.html"
        },
        {
          "name": "ADV-2006-4750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "201534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
        },
        {
          "name": "HPSBMA02250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "1016943",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016943"
        },
        {
          "name": "23038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23038"
        },
        {
          "name": "2006-0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0054"
        },
        {
          "name": "23309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "ADV-2006-4401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4401"
        },
        {
          "name": "USN-353-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-353-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
        },
        {
          "name": "22116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22116"
        },
        {
          "name": "SSRT071304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
        },
        {
          "name": "GLSA-200612-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
        },
        {
          "name": "22166",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22166"
        },
        {
          "name": "RHSA-2006:0695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "22385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22385"
        },
        {
          "name": "SUSE-SR:2006:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
        },
        {
          "name": "22758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22758"
        },
        {
          "name": "22487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22487"
        },
        {
          "name": "SUSE-SA:2006:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
        },
        {
          "name": "22772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22772"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "31531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf"
        },
        {
          "name": "FreeBSD-SA-06:23.openssl",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
        },
        {
          "name": "22165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304829"
        },
        {
          "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "22220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22220"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openvpn.net/changelog.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
        },
        {
          "name": "25889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25889"
        },
        {
          "name": "openssl-asn1-error-dos(29228)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
        },
        {
          "name": "ADV-2006-4036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4036"
        },
        {
          "name": "ADV-2006-4019",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4019"
        },
        {
          "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata.html#openssl2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "name": "22626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22626"
        },
        {
          "name": "MDKSA-2006:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
        },
        {
          "name": "23351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23351"
        },
        {
          "name": "ADV-2006-3869",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3869"
        },
        {
          "name": "22671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22671"
        },
        {
          "name": "20248",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20248"
        },
        {
          "name": "22544",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22544"
        },
        {
          "name": "22298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "ADV-2006-4329",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4329"
        },
        {
          "name": "22284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22284"
        },
        {
          "name": "24930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24930"
        },
        {
          "name": "ADV-2006-4327",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4327"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "GLSA-200610-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
        },
        {
          "name": "23131",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23131"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.rpath.com/browse/RPL-613"
        },
        {
          "name": "26329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26329"
        },
        {
          "name": "22260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "name": "ADV-2006-3860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3860"
        },
        {
          "name": "23280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23280"
        },
        {
          "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
        },
        {
          "name": "SSRT061213",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
        },
        {
          "name": "ADV-2006-4264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "22193",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
        },
        {
          "name": "ADV-2008-2396",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2396"
        },
        {
          "name": "ADV-2006-4761",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4761"
        },
        {
          "name": "23155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23155"
        },
        {
          "name": "22799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22799"
        },
        {
          "name": "200585",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
        },
        {
          "name": "SSA:2006-272-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
        },
        {
          "name": "ADV-2006-4417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4417"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
        },
        {
          "name": "29260",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29260"
        },
        {
          "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
        },
        {
          "name": "22094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22094"
        },
        {
          "name": "22186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20060928.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
        },
        {
          "name": "ADV-2007-2315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2315"
        },
        {
          "name": "APPLE-SA-2006-11-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
        },
        {
          "name": "TA06-333A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
        },
        {
          "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
        },
        {
          "name": "22216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22216"
        },
        {
          "name": "ADV-2006-3820",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3820"
        },
        {
          "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
        },
        {
          "name": "HPSBUX02174",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "oval:org.mitre.oval:def:10560",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560"
        },
        {
          "name": "OpenPKG-SA-2006.021",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "102747",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
        },
        {
          "name": "VU#247744",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/247744"
        },
        {
          "name": "ADV-2008-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0905/references"
        },
        {
          "name": "ADV-2007-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1401"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
        },
        {
          "name": "SSRT061275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "20070110 VMware ESX server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
        },
        {
          "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
        },
        {
          "name": "ADV-2006-3936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3936"
        },
        {
          "name": "ADV-2006-4980",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4980"
        },
        {
          "name": "22240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22240"
        },
        {
          "name": "22330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "HPSBTU02207",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "DSA-1185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1185"
        },
        {
          "name": "20061001-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf"
        },
        {
          "name": "22207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22207"
        },
        {
          "name": "MDKSA-2006:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
        },
        {
          "name": "ADV-2006-3902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3902"
        },
        {
          "name": "ADV-2007-2783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2783"
        },
        {
          "name": "22259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22259"
        },
        {
          "name": "22460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22460"
        },
        {
          "name": "22172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "28276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28276"
        },
        {
          "name": "102668",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
        },
        {
          "name": "24950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24950"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-2937",
    "datePublished": "2006-09-28T18:00:00",
    "dateReserved": "2006-06-09T00:00:00",
    "dateUpdated": "2024-08-07T18:06:27.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1967
Vulnerability from cvelistv5
Published
2020-04-21 00:00
Modified
2024-08-04 06:54
Severity
Summary
Segmentation fault in SSL_check_chain
References
URLTags
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://www.debian.org/security/2020/dsa-4661vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2020/04/22/2mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202004-10vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/vendor-advisory, x_refsource_FEDORA
http://seclists.org/fulldisclosure/2020/May/5mailing-list, x_refsource_FULLDISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-03x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20200421.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1x_refsource_CONFIRM
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200424-0003/x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSLx_refsource_CONFIRM
https://github.com/irsl/CVE-2020-1967x_refsource_MISC
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.htmlx_refsource_MISC
https://www.synology.com/security/advisory/Synology_SA_20_05x_refsource_CONFIRM
https://www.tenable.com/security/tns-2020-04x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200717-0004/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-11x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-10x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-20:11",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
          },
          {
            "name": "DSA-4661",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4661"
          },
          {
            "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
          },
          {
            "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "GLSA-202004-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202004-10"
          },
          {
            "name": "FEDORA-2020-fcc91a28e8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
          },
          {
            "name": "FEDORA-2020-da2d1ef2d7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
          },
          {
            "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/May/5"
          },
          {
            "name": "FEDORA-2020-d7b29838f6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
          },
          {
            "name": "openSUSE-SU-2020:0933",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:0945",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20200421.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/irsl/CVE-2020-1967"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bernd Edlinger"
        }
      ],
      "datePublic": "2020-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:19",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "FreeBSD-SA-20:11",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
        },
        {
          "name": "DSA-4661",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4661"
        },
        {
          "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
        },
        {
          "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "GLSA-202004-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202004-10"
        },
        {
          "name": "FEDORA-2020-fcc91a28e8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
        },
        {
          "name": "FEDORA-2020-da2d1ef2d7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
        },
        {
          "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/May/5"
        },
        {
          "name": "FEDORA-2020-d7b29838f6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
        },
        {
          "name": "openSUSE-SU-2020:0933",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:0945",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2020-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20200421.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/irsl/CVE-2020-1967"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2020-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2020-11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "title": "Segmentation fault in SSL_check_chain",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2020-04-21",
          "ID": "CVE-2020-1967",
          "STATE": "PUBLIC",
          "TITLE": "Segmentation fault in SSL_check_chain"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bernd Edlinger"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#High",
            "value": "High"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL pointer dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FreeBSD-SA-20:11",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
            },
            {
              "name": "DSA-4661",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4661"
            },
            {
              "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
            },
            {
              "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "GLSA-202004-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202004-10"
            },
            {
              "name": "FEDORA-2020-fcc91a28e8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
            },
            {
              "name": "FEDORA-2020-da2d1ef2d7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
            },
            {
              "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/May/5"
            },
            {
              "name": "FEDORA-2020-d7b29838f6",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
            },
            {
              "name": "openSUSE-SU-2020:0933",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:0945",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2020-03"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20200421.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20200421.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200424-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
            },
            {
              "name": "https://github.com/irsl/CVE-2020-1967",
              "refsource": "MISC",
              "url": "https://github.com/irsl/CVE-2020-1967"
            },
            {
              "name": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_05",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2020-04"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2020-1967",
    "datePublished": "2020-04-21T00:00:00",
    "dateReserved": "2019-12-03T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4577
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity
Summary
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
References
URLTags
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:18.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "openSUSE-SU-2012:0083",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "SUSE-SU-2012:0084",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-18T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "openSUSE-SU-2012:0083",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "SUSE-SU-2012:0084",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4577",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:18.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4995
Vulnerability from cvelistv5
Published
2007-10-13 01:00
Modified
2024-08-07 15:17
Severity
Summary
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
References
URLTags
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962x_refsource_MISC
http://www.securityfocus.com/archive/1/482167/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/28084third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27271third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27363third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30852third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1571vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/27205third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/37185vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/26055vdb-entry, x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.htmlvendor-advisory, x_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-200710-30.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30220third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2007/4219vdb-entry, x_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/27217third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0964.htmlvendor-advisory, x_refsource_REDHAT
http://bugs.gentoo.org/show_bug.cgi?id=195634x_refsource_CONFIRM
http://secunia.com/advisories/30161third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27434third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2007/3487vdb-entry, x_refsource_VUPEN
http://www.openssl.org/news/secadv_20071012.txtx_refsource_CONFIRM
http://secunia.com/advisories/25878third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1018810vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1937/referencesvdb-entry, x_refsource_VUPEN
https://usn.ubuntu.com/534-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/27933third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:27.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738962"
          },
          {
            "name": "20071012 OpenSSL Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482167/100/0/threaded"
          },
          {
            "name": "28084",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28084"
          },
          {
            "name": "27271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27271"
          },
          {
            "name": "27363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27363"
          },
          {
            "name": "30852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30852"
          },
          {
            "name": "DSA-1571",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "27205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27205"
          },
          {
            "name": "openssl-dtls-code-execution(37185)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37185"
          },
          {
            "name": "26055",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26055"
          },
          {
            "name": "FEDORA-2007-725",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
          },
          {
            "name": "GLSA-200710-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-30.xml"
          },
          {
            "name": "30220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "name": "MDKSA-2007:237",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:237"
          },
          {
            "name": "ADV-2007-4219",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4219"
          },
          {
            "name": "HPSBUX02296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773"
          },
          {
            "name": "SSRT071504",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773"
          },
          {
            "name": "oval:org.mitre.oval:def:10288",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288"
          },
          {
            "name": "27217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27217"
          },
          {
            "name": "RHSA-2007:0964",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=195634"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "name": "27434",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27434"
          },
          {
            "name": "SUSE-SR:2007:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"
          },
          {
            "name": "ADV-2007-3487",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20071012.txt"
          },
          {
            "name": "25878",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25878"
          },
          {
            "name": "1018810",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018810"
          },
          {
            "name": "ADV-2008-1937",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1937/references"
          },
          {
            "name": "USN-534-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/534-1/"
          },
          {
            "name": "27933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27933"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738962"
        },
        {
          "name": "20071012 OpenSSL Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482167/100/0/threaded"
        },
        {
          "name": "28084",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28084"
        },
        {
          "name": "27271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27271"
        },
        {
          "name": "27363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27363"
        },
        {
          "name": "30852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30852"
        },
        {
          "name": "DSA-1571",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1571"
        },
        {
          "name": "27205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27205"
        },
        {
          "name": "openssl-dtls-code-execution(37185)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37185"
        },
        {
          "name": "26055",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26055"
        },
        {
          "name": "FEDORA-2007-725",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
        },
        {
          "name": "GLSA-200710-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-30.xml"
        },
        {
          "name": "30220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30220"
        },
        {
          "name": "MDKSA-2007:237",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:237"
        },
        {
          "name": "ADV-2007-4219",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4219"
        },
        {
          "name": "HPSBUX02296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773"
        },
        {
          "name": "SSRT071504",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773"
        },
        {
          "name": "oval:org.mitre.oval:def:10288",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288"
        },
        {
          "name": "27217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27217"
        },
        {
          "name": "RHSA-2007:0964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=195634"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "name": "27434",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27434"
        },
        {
          "name": "SUSE-SR:2007:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"
        },
        {
          "name": "ADV-2007-3487",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20071012.txt"
        },
        {
          "name": "25878",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25878"
        },
        {
          "name": "1018810",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018810"
        },
        {
          "name": "ADV-2008-1937",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1937/references"
        },
        {
          "name": "USN-534-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/534-1/"
        },
        {
          "name": "27933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27933"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4995",
    "datePublished": "2007-10-13T01:00:00",
    "dateReserved": "2007-09-20T00:00:00",
    "dateUpdated": "2024-08-07T15:17:27.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2842
Vulnerability from cvelistv5
Published
2016-03-03 20:00
Modified
2024-08-05 23:32
Severity
Summary
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
References
URLTags
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10152x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=146108058503441&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=145983526810210&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404x_refsource_CONFIRM
http://openssl.org/news/secadv/20160301.txtx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20160321-0001/x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/84169vdb-entry, x_refsource_BID
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_usx_refsource_CONFIRM
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory, x_refsource_REDHAT
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:21.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10152"
          },
          {
            "name": "HPSBMU03575",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
          },
          {
            "name": "HPSBGN03569",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160321-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "name": "84169",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10152"
        },
        {
          "name": "HPSBMU03575",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
        },
        {
          "name": "HPSBGN03569",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160321-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "name": "84169",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
            },
            {
              "name": "RHSA-2016:2073",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10152",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10152"
            },
            {
              "name": "HPSBMU03575",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
            },
            {
              "name": "HPSBGN03569",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
            },
            {
              "name": "http://openssl.org/news/secadv/20160301.txt",
              "refsource": "CONFIRM",
              "url": "http://openssl.org/news/secadv/20160301.txt"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160321-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160321-0001/"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
            },
            {
              "name": "RHSA-2016:0996",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
            },
            {
              "name": "84169",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84169"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73"
            },
            {
              "name": "RHSA-2016:2957",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
            },
            {
              "name": "RHSA-2016:0722",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2842",
    "datePublished": "2016-03-03T20:00:00",
    "dateReserved": "2016-03-03T00:00:00",
    "dateUpdated": "2024-08-05T23:32:21.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3510
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
References
URLTags
http://rhn.redhat.com/errata/RHSA-2014-1297.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/60778third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1256.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61250third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95164vdb-entry, x_refsource_XF
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61045third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60824third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141077370928502&w=2vendor-advisory, x_refsource_HP
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049x_refsource_CONFIRM
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59221third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/69082vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/60687third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1127503x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:1297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
          },
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "60778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60778"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "RHSA-2014:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "61250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "openssl-cve20143510-dos(95164)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "61045",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61045"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "60824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60824"
          },
          {
            "name": "HPSBUX03095",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "59743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59743"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "HPSBOV03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html"
          },
          {
            "name": "59221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59221"
          },
          {
            "name": "69082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "SSRT101674",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "60687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60687"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:1297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
        },
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "60778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60778"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "RHSA-2014:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "61250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "openssl-cve20143510-dos(95164)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "61045",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61045"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "60824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60824"
        },
        {
          "name": "HPSBUX03095",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "59743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59743"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "HPSBOV03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html"
        },
        {
          "name": "59221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59221"
        },
        {
          "name": "69082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "SSRT101674",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "60687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60687"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:1297",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
            },
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "60778",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60778"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "RHSA-2014:1256",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "61250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61250"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "openssl-cve20143510-dos(95164)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "61045",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61045"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "60824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60824"
            },
            {
              "name": "HPSBUX03095",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "59743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59743"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "HPSBOV03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html"
            },
            {
              "name": "59221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59221"
            },
            {
              "name": "69082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69082"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "SSRT101674",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "60687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60687"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3510",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4339
Vulnerability from cvelistv5
Published
2006-09-05 17:00
Modified
2024-08-07 19:06
Severity
Summary
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
References
URLTags
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/x_refsource_MISC
http://www.vupen.com/english/advisories/2006/4750vdb-entry, x_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2006/3453vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1vendor-advisory, x_refsource_SUNALERT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://jvn.jp/en/jp/JVN51615542/index.htmlthird-party-advisory, x_refsource_JVN
http://docs.info.apple.com/article.html?artnum=307177x_refsource_MISC
http://secunia.com/advisories/60799third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/28549vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/4366vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22932third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3748vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21791third-party-advisory, x_refsource_SECUNIA
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.htmlx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/26893third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060905.txtx_refsource_CONFIRM
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22509third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0661.htmlvendor-advisory, x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_61_opera.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21930third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22940third-party-advisory, x_refsource_SECUNIA
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://secunia.com/advisories/21852third-party-advisory, x_refsource_SECUNIA
http://dev2dev.bea.com/pub/advisory/238vendor-advisory, x_refsource_BEA
http://secunia.com/advisories/21823third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/22758third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22938third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3899vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22044third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1945vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0062.htmlvendor-advisory, x_refsource_REDHAT
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.htmlvendor-advisory, x_refsource_OPENPKG
http://www.vupen.com/english/advisories/2006/4206vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3730vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://secunia.com/advisories/21812third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22523third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/450327/100/0/threadedvendor-advisory, x_refsource_HP
http://secunia.com/advisories/22689third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829x_refsource_CONFIRM
http://secunia.com/advisories/23794third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1vendor-advisory, x_refsource_SUNALERT
http://security.gentoo.org/glsa/glsa-200609-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22711third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/445231/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/23680third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.htmlx_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.htmlx_refsource_CONFIRM
http://www.openbsd.org/errata.htmlvendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/22733third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1633x_refsource_CONFIRM
http://secunia.com/advisories/22949third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955vendor-advisory, x_refsource_SLACKWARE
http://www.ubuntu.com/usn/usn-339-1vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/3566vdb-entry, x_refsource_VUPEN
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdfx_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2006_26_sr.htmlvendor-advisory, x_refsource_SUSE
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/22446third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22939third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24099third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/445822/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/25284third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22083vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1016791vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/25649third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0366vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22671third-party-advisory, x_refsource_SECUNIA
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.htmlmailing-list, x_refsource_MLIST
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21785third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4329vdb-entry, x_refsource_VUPEN
http://www.us.debian.org/security/2006/dsa-1173vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/38567third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22284third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24930third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4327vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21778third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1vendor-advisory, x_refsource_SUNALERT
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2007/2163vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26329third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260third-party-advisory, x_refsource_SECUNIA
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.htmlvendor-advisory, x_refsource_SUSE
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htmx_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://secunia.com/advisories/21982third-party-advisory, x_refsource_SECUNIA
http://support.attachmate.com/techdocs/2137.htmlx_refsource_CONFIRM
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-616x_refsource_CONFIRM
http://support.attachmate.com/techdocs/2127.htmlx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2006/dsa-1174vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23155third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1vendor-advisory, x_refsource_SUNALERT
http://www.openoffice.org/security/cves/CVE-2006-4339.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22799third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4207vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4417vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://www.sybase.com/detail?id=1047991x_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://secunia.com/advisories/21873third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2007-0072.htmlvendor-advisory, x_refsource_REDHAT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.htmlthird-party-advisory, x_refsource_JVNDB
http://www.serv-u.com/releasenotes/x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4744vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/38568third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21846third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlx_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/0254vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/450327/100/0/threadedvendor-advisory, x_refsource_HP
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2007/4224vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22161third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bind-announce&m=116253119512445&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/22937third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22325third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/2315vdb-entry, x_refsource_VUPEN
http://www.opera.com/support/search/supsearch.dml?index=845x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/21767third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1815vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22232third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/21906third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/489739/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlmailing-list, x_refsource_MLIST
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22934third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0073.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/22585third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25399third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0905/referencesvdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1401vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1vendor-advisory, x_refsource_SUNALERT
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755vdb-entry, x_refsource_XF
http://secunia.com/advisories/22513third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/41818third-party-advisory, x_refsource_SECUNIA
http://support.attachmate.com/techdocs/2128.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656vdb-entry, signature, x_refsource_OVAL
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlx_refsource_CONFIRM
http://secunia.com/advisories/21776third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/23455third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/456546/100/200/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/28115third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22226third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3936vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22066third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22936third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlx_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.htmlvendor-advisory, x_refsource_OPENPKG
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22545third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017522vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/22948third-party-advisory, x_refsource_SECUNIA
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/23841third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4205vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2006/4586vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21927third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_55_ssl.htmlvendor-advisory, x_refsource_SUSE
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/5146vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21870third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4216vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3793vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/28276vdb-entry, x_refsource_BID
http://secunia.com/advisories/21709third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/845620third-party-advisory, x_refsource_CERT-VN
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306vendor-advisory, x_refsource_SLACKWARE
http://security.gentoo.org/glsa/glsa-200609-18.xmlvendor-advisory, x_refsource_GENTOO
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/24950third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19849vdb-entry, x_refsource_BID
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "name": "ADV-2006-4750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "name": "SSRT061273",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495"
          },
          {
            "name": "ADV-2006-3453",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "201534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "name": "HPSBMA02250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "JVN#51615542",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN51615542/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "60799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60799"
          },
          {
            "name": "28549",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28549"
          },
          {
            "name": "ADV-2006-4366",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4366"
          },
          {
            "name": "22932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22932"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "21791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21791"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html"
          },
          {
            "name": "GLSA-201408-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
          },
          {
            "name": "26893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20060905.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "22509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22509"
          },
          {
            "name": "MDKSA-2006:207",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207"
          },
          {
            "name": "RHSA-2006:0661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0661.html"
          },
          {
            "name": "SUSE-SA:2006:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
          },
          {
            "name": "21930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21930"
          },
          {
            "name": "22940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22940"
          },
          {
            "name": "SSRT071304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "21852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21852"
          },
          {
            "name": "BEA07-169.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/238"
          },
          {
            "name": "21823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21823"
          },
          {
            "name": "102657",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
          },
          {
            "name": "22758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "name": "22938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22938"
          },
          {
            "name": "ADV-2006-3899",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3899"
          },
          {
            "name": "22044",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22044"
          },
          {
            "name": "ADV-2007-1945",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1945"
          },
          {
            "name": "RHSA-2007:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html"
          },
          {
            "name": "OpenPKG-SA-2006.029",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html"
          },
          {
            "name": "ADV-2006-4206",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4206"
          },
          {
            "name": "ADV-2006-3730",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3730"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "21812",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21812"
          },
          {
            "name": "22523",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22523"
          },
          {
            "name": "HPSBUX02165",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
          },
          {
            "name": "22689",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "102759",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "name": "GLSA-200609-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
          },
          {
            "name": "22711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22711"
          },
          {
            "name": "20060905 rPSA-2006-0163-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "name": "[3.9] 20060908 011: SECURITY FIX: September 8, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata.html"
          },
          {
            "name": "22733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22733"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1633"
          },
          {
            "name": "22949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22949"
          },
          {
            "name": "SSA:2006-310-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
          },
          {
            "name": "USN-339-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-339-1"
          },
          {
            "name": "ADV-2006-3566",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3566"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf"
          },
          {
            "name": "SUSE-SR:2006:026",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "102744",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
          },
          {
            "name": "22446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22446"
          },
          {
            "name": "22939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22939"
          },
          {
            "name": "24099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24099"
          },
          {
            "name": "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
          },
          {
            "name": "25284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25284"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "MDKSA-2006:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
          },
          {
            "name": "1016791",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016791"
          },
          {
            "name": "25649",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25649"
          },
          {
            "name": "ADV-2010-0366",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0366"
          },
          {
            "name": "22671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "name": "102722",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
          },
          {
            "name": "21785",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "ADV-2006-4329",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "name": "DSA-1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.us.debian.org/security/2006/dsa-1173"
          },
          {
            "name": "38567",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38567"
          },
          {
            "name": "22284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "name": "24930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "name": "ADV-2006-4327",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "name": "MDKSA-2006:161",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161"
          },
          {
            "name": "21778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21778"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "102696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "ADV-2007-2163",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2163"
          },
          {
            "name": "26329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "name": "22260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=3117"
          },
          {
            "name": "102656",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
          },
          {
            "name": "SUSE-SA:2007:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
          },
          {
            "name": "SSRT061213",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "21982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21982"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2137.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-616"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2127.html"
          },
          {
            "name": "GLSA-200610-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
          },
          {
            "name": "DSA-1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1174"
          },
          {
            "name": "23155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "name": "1000148",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2006-4339.html"
          },
          {
            "name": "22799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "name": "ADV-2006-4207",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4207"
          },
          {
            "name": "ADV-2006-4417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sybase.com/detail?id=1047991"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "21873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21873"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "RHSA-2007:0072",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html"
          },
          {
            "name": "JVNDB-2012-000079",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "name": "ADV-2006-4744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4744"
          },
          {
            "name": "38568",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38568"
          },
          {
            "name": "21846",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "name": "HPSBUX02219",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495"
          },
          {
            "name": "ADV-2007-0254",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0254"
          },
          {
            "name": "SSRT061266",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "22161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22161"
          },
          {
            "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "name": "22937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22937"
          },
          {
            "name": "22325",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22325"
          },
          {
            "name": "102648",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
          },
          {
            "name": "ADV-2007-2315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
          },
          {
            "name": "APPLE-SA-2006-11-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
          },
          {
            "name": "21767",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21767"
          },
          {
            "name": "ADV-2007-1815",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1815"
          },
          {
            "name": "22232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22232"
          },
          {
            "name": "TA06-333A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
          },
          {
            "name": "21906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21906"
          },
          {
            "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "22934",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22934"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "RHSA-2007:0073",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html"
          },
          {
            "name": "22585",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22585"
          },
          {
            "name": "25399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25399"
          },
          {
            "name": "ADV-2008-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "name": "ADV-2007-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "name": "201247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
          },
          {
            "name": "openssl-rsa-security-bypass(28755)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
          },
          {
            "name": "22513",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22513"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2128.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11656",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
          },
          {
            "name": "21776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21776"
          },
          {
            "name": "SSRT061275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "FreeBSD-SA-06:19",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc"
          },
          {
            "name": "23455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23455"
          },
          {
            "name": "20070110 VMware ESX server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "22226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22226"
          },
          {
            "name": "ADV-2006-3936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "22936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22936"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "HPSBTU02207",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "OpenPKG-SA-2006.018",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html"
          },
          {
            "name": "MDKSA-2006:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
          },
          {
            "name": "22545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22545"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "name": "22948",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22948"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "name": "23841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23841"
          },
          {
            "name": "ADV-2006-4205",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4205"
          },
          {
            "name": "ADV-2007-2783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "name": "22259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "200708",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
          },
          {
            "name": "ADV-2006-4586",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4586"
          },
          {
            "name": "21927",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21927"
          },
          {
            "name": "SUSE-SA:2006:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "name": "ADV-2006-5146",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/5146"
          },
          {
            "name": "21870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21870"
          },
          {
            "name": "ADV-2006-4216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4216"
          },
          {
            "name": "ADV-2006-3793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3793"
          },
          {
            "name": "28276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "name": "21709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21709"
          },
          {
            "name": "VU#845620",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/845620"
          },
          {
            "name": "SSA:2006-257-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
          },
          {
            "name": "GLSA-200609-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "name": "102686",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
          },
          {
            "name": "24950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "name": "19849",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19849"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
        },
        {
          "name": "ADV-2006-4750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4750"
        },
        {
          "name": "SSRT061273",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495"
        },
        {
          "name": "ADV-2006-3453",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "201534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
        },
        {
          "name": "HPSBMA02250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "JVN#51615542",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN51615542/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "60799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60799"
        },
        {
          "name": "28549",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28549"
        },
        {
          "name": "ADV-2006-4366",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4366"
        },
        {
          "name": "22932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22932"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "21791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21791"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html"
        },
        {
          "name": "GLSA-201408-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
        },
        {
          "name": "26893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26893"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20060905.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "22509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22509"
        },
        {
          "name": "MDKSA-2006:207",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207"
        },
        {
          "name": "RHSA-2006:0661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0661.html"
        },
        {
          "name": "SUSE-SA:2006:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
        },
        {
          "name": "21930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21930"
        },
        {
          "name": "22940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22940"
        },
        {
          "name": "SSRT071304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "21852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21852"
        },
        {
          "name": "BEA07-169.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/238"
        },
        {
          "name": "21823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21823"
        },
        {
          "name": "102657",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
        },
        {
          "name": "22758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22758"
        },
        {
          "name": "22938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22938"
        },
        {
          "name": "ADV-2006-3899",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3899"
        },
        {
          "name": "22044",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22044"
        },
        {
          "name": "ADV-2007-1945",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1945"
        },
        {
          "name": "RHSA-2007:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html"
        },
        {
          "name": "OpenPKG-SA-2006.029",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html"
        },
        {
          "name": "ADV-2006-4206",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4206"
        },
        {
          "name": "ADV-2006-3730",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3730"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "21812",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21812"
        },
        {
          "name": "22523",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22523"
        },
        {
          "name": "HPSBUX02165",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
        },
        {
          "name": "22689",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304829"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "102759",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
        },
        {
          "name": "GLSA-200609-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
        },
        {
          "name": "22711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22711"
        },
        {
          "name": "20060905 rPSA-2006-0163-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openvpn.net/changelog.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
        },
        {
          "name": "[3.9] 20060908 011: SECURITY FIX: September 8, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata.html"
        },
        {
          "name": "22733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22733"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1633"
        },
        {
          "name": "22949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22949"
        },
        {
          "name": "SSA:2006-310-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
        },
        {
          "name": "USN-339-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-339-1"
        },
        {
          "name": "ADV-2006-3566",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3566"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf"
        },
        {
          "name": "SUSE-SR:2006:026",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "102744",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
        },
        {
          "name": "22446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22446"
        },
        {
          "name": "22939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22939"
        },
        {
          "name": "24099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24099"
        },
        {
          "name": "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
        },
        {
          "name": "25284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25284"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "MDKSA-2006:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
        },
        {
          "name": "1016791",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016791"
        },
        {
          "name": "25649",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25649"
        },
        {
          "name": "ADV-2010-0366",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0366"
        },
        {
          "name": "22671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22671"
        },
        {
          "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
        },
        {
          "name": "102722",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
        },
        {
          "name": "21785",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "ADV-2006-4329",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4329"
        },
        {
          "name": "DSA-1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.us.debian.org/security/2006/dsa-1173"
        },
        {
          "name": "38567",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38567"
        },
        {
          "name": "22284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22284"
        },
        {
          "name": "24930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24930"
        },
        {
          "name": "ADV-2006-4327",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4327"
        },
        {
          "name": "MDKSA-2006:161",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161"
        },
        {
          "name": "21778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21778"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "102696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "ADV-2007-2163",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2163"
        },
        {
          "name": "26329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26329"
        },
        {
          "name": "22260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=3117"
        },
        {
          "name": "102656",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
        },
        {
          "name": "SUSE-SA:2007:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
        },
        {
          "name": "SSRT061213",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "21982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21982"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2137.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-616"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2127.html"
        },
        {
          "name": "GLSA-200610-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
        },
        {
          "name": "DSA-1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1174"
        },
        {
          "name": "23155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23155"
        },
        {
          "name": "1000148",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2006-4339.html"
        },
        {
          "name": "22799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22799"
        },
        {
          "name": "ADV-2006-4207",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4207"
        },
        {
          "name": "ADV-2006-4417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4417"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sybase.com/detail?id=1047991"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "21873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21873"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "RHSA-2007:0072",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html"
        },
        {
          "name": "JVNDB-2012-000079",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "name": "ADV-2006-4744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4744"
        },
        {
          "name": "38568",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38568"
        },
        {
          "name": "21846",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
        },
        {
          "name": "HPSBUX02219",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01070495"
        },
        {
          "name": "ADV-2007-0254",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0254"
        },
        {
          "name": "SSRT061266",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "22161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22161"
        },
        {
          "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
        },
        {
          "name": "22937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22937"
        },
        {
          "name": "22325",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22325"
        },
        {
          "name": "102648",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
        },
        {
          "name": "ADV-2007-2315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
        },
        {
          "name": "APPLE-SA-2006-11-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
        },
        {
          "name": "21767",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21767"
        },
        {
          "name": "ADV-2007-1815",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1815"
        },
        {
          "name": "22232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22232"
        },
        {
          "name": "TA06-333A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
        },
        {
          "name": "21906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21906"
        },
        {
          "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
        },
        {
          "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "22934",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22934"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "RHSA-2007:0073",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html"
        },
        {
          "name": "22585",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22585"
        },
        {
          "name": "25399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25399"
        },
        {
          "name": "ADV-2008-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0905/references"
        },
        {
          "name": "ADV-2007-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1401"
        },
        {
          "name": "201247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
        },
        {
          "name": "openssl-rsa-security-bypass(28755)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
        },
        {
          "name": "22513",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22513"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2128.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11656",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
        },
        {
          "name": "21776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21776"
        },
        {
          "name": "SSRT061275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "FreeBSD-SA-06:19",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc"
        },
        {
          "name": "23455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23455"
        },
        {
          "name": "20070110 VMware ESX server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "22226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22226"
        },
        {
          "name": "ADV-2006-3936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3936"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "22936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22936"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "HPSBTU02207",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "OpenPKG-SA-2006.018",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html"
        },
        {
          "name": "MDKSA-2006:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
        },
        {
          "name": "22545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22545"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        },
        {
          "name": "22948",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22948"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
        },
        {
          "name": "23841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23841"
        },
        {
          "name": "ADV-2006-4205",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4205"
        },
        {
          "name": "ADV-2007-2783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2783"
        },
        {
          "name": "22259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22259"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "200708",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
        },
        {
          "name": "ADV-2006-4586",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4586"
        },
        {
          "name": "21927",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21927"
        },
        {
          "name": "SUSE-SA:2006:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
        },
        {
          "name": "ADV-2006-5146",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/5146"
        },
        {
          "name": "21870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21870"
        },
        {
          "name": "ADV-2006-4216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4216"
        },
        {
          "name": "ADV-2006-3793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3793"
        },
        {
          "name": "28276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28276"
        },
        {
          "name": "21709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21709"
        },
        {
          "name": "VU#845620",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/845620"
        },
        {
          "name": "SSA:2006-257-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
        },
        {
          "name": "GLSA-200609-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
        },
        {
          "name": "102686",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
        },
        {
          "name": "24950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24950"
        },
        {
          "name": "19849",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19849"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-4339",
    "datePublished": "2006-09-05T17:00:00",
    "dateReserved": "2006-08-24T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0190
Vulnerability from cvelistv5
Published
2019-01-22 00:00
Modified
2024-08-04 17:44
Severity
Summary
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
References
URLTags
http://www.securityfocus.com/bid/106743vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201903-21vendor-advisory, x_refsource_GENTOO
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://httpd.apache.org/security/vulnerabilities_24.htmlx_refsource_CONFIRM
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190125-0001/x_refsource_CONFIRM
Impacted products
VendorProduct
Apache Software FoundationApache HTTP Server
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:14.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106743",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106743"
          },
          {
            "name": "GLSA-201903-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-21"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache HTTP Server 2.4.37"
            }
          ]
        }
      ],
      "datePublic": "2019-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:17",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "106743",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106743"
        },
        {
          "name": "GLSA-201903-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-21"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2019-01-22T00:00:00",
          "ID": "CVE-2019-0190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache HTTP Server 2.4.37"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106743",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106743"
            },
            {
              "name": "GLSA-201903-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-21"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "CONFIRM",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-0190",
    "datePublished": "2019-01-22T00:00:00",
    "dateReserved": "2018-11-14T00:00:00",
    "dateUpdated": "2024-08-04T17:44:14.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2182
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-05 23:17
Severity
Summary
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
URLTags
http://www.securitytracker.com/id/1036688vdb-entry
https://www.tenable.com/security/tns-2016-20
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/92557vdb-entry
https://source.android.com/security/bulletin/2017-03-01
http://www.securitytracker.com/id/1037968vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
https://source.android.com/security/bulletin/2017-03-01.html
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-3087-2vendor-advisory
https://support.f5.com/csp/article/K01276005
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlvendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlvendor-advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
http://www.debian.org/security/2016/dsa-3673vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlvendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036688",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036688"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "92557",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92557"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-03-01"
          },
          {
            "name": "1037968",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037968"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-03-01.html"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K01276005"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1036688",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036688"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "92557",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92557"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-03-01"
        },
        {
          "name": "1037968",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1037968"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-03-01.html"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "url": "https://support.f5.com/csp/article/K01276005"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2182",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2179
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-05 23:17
Severity
Summary
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
References
URLTags
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securitytracker.com/id/1036689vdb-entry
http://www.securityfocus.com/bid/92987vdb-entry
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "1036689",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036689"
          },
          {
            "name": "92987",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "1036689",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036689"
        },
        {
          "name": "92987",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92987"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2179",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2686
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 19:42
Severity
Summary
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
References
URLTags
http://www.securityfocus.com/bid/57755vdb-entry, x_refsource_BID
http://secunia.com/advisories/55139third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20130204.txtx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868vdb-entry, signature, x_refsource_OVAL
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=125093b59f3c2a2d33785b5563d929d0472f1721x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/55108third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=908029x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660vdb-entry, signature, x_refsource_OVAL
http://support.apple.com/kb/HT5880x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:32.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "57755",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57755"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "name": "oval:org.mitre.oval:def:18868",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=125093b59f3c2a2d33785b5563d929d0472f1721"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908029"
          },
          {
            "name": "oval:org.mitre.oval:def:19660",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-08T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "57755",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57755"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "name": "oval:org.mitre.oval:def:18868",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=125093b59f3c2a2d33785b5563d929d0472f1721"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908029"
        },
        {
          "name": "oval:org.mitre.oval:def:19660",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "57755",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57755"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "oval:org.mitre.oval:def:18868",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908029",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908029"
            },
            {
              "name": "oval:org.mitre.oval:def:19660",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2686",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-05-14T00:00:00",
    "dateUpdated": "2024-08-06T19:42:32.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3505
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 10:43
Severity
Summary
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
References
URLTags
http://rhn.redhat.com/errata/RHSA-2014-1297.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/60778third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-1256.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61040third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61250third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8bx_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60824third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/59743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.htmlx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141077370928502&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59221third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/69081vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140853041709441&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/58962third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1053.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60938third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60684third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/60687third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:1297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
          },
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "60778",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60778"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "RHSA-2014:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61040"
          },
          {
            "name": "61250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "name": "60824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60824"
          },
          {
            "name": "HPSBUX03095",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "59743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59743"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "HPSBOV03099",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
          },
          {
            "name": "59221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59221"
          },
          {
            "name": "69081",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "SSRT101674",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "58962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
          },
          {
            "name": "60938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60938"
          },
          {
            "name": "60684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60684"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "60687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60687"
          },
          {
            "name": "MDVSA-2014:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:1297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
        },
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "60778",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60778"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "RHSA-2014:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61040"
        },
        {
          "name": "61250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "name": "60824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60824"
        },
        {
          "name": "HPSBUX03095",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "59743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59743"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "HPSBOV03099",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
        },
        {
          "name": "59221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59221"
        },
        {
          "name": "69081",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "SSRT101674",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "58962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
        },
        {
          "name": "60938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60938"
        },
        {
          "name": "60684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60684"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "60687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60687"
        },
        {
          "name": "MDVSA-2014:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3505",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:1297",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
            },
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "60778",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60778"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "RHSA-2014:1256",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61040"
            },
            {
              "name": "61250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61250"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "60824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60824"
            },
            {
              "name": "HPSBUX03095",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "59743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59743"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "HPSBOV03099",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
            },
            {
              "name": "59221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59221"
            },
            {
              "name": "69081",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69081"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "SSRT101674",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "58962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58962"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
            },
            {
              "name": "60938",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60938"
            },
            {
              "name": "60684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60684"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "60687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60687"
            },
            {
              "name": "MDVSA-2014:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3505",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0215
Vulnerability from cvelistv5
Published
2023-02-08 19:03
Modified
2024-08-02 05:02
Severity
Summary
Use-after-free following BIO_new_NDEF
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafdpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4ebpatch
https://security.netapp.com/advisory/ntap-20230427-0007/
https://security.netapp.com/advisory/ntap-20230427-0009/
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
          },
          {
            "name": "1.1.1t git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
          },
          {
            "name": "1.0.2zg patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1t",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zg",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Octavio Galland (Max Planck Institute for Security and Privacy)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Marcel B\u00f6hme (Max Planck Institute for Security and Privacy)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Viktor Dukhovni"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The public API function BIO_new_NDEF is a helper function used for streaming\u003cbr\u003eASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\u003cbr\u003eSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\u003cbr\u003eend user applications.\u003cbr\u003e\u003cbr\u003eThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\u003cbr\u003eBIO onto the front of it to form a BIO chain, and then returns the new head of\u003cbr\u003ethe BIO chain to the caller. Under certain conditions, for example if a CMS\u003cbr\u003erecipient public key is invalid, the new filter BIO is freed and the function\u003cbr\u003ereturns a NULL result indicating a failure. However, in this case, the BIO chain\u003cbr\u003eis not properly cleaned up and the BIO passed by the caller still retains\u003cbr\u003einternal pointers to the previously freed filter BIO. If the caller then goes on\u003cbr\u003eto call BIO_pop() on the BIO then a use-after-free will occur. This will most\u003cbr\u003elikely result in a crash.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis scenario occurs directly in the internal function B64_write_ASN1() which\u003cbr\u003emay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\u003cbr\u003ethe BIO. This internal function is in turn called by the public API functions\u003cbr\u003ePEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\u003cbr\u003eSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\u003cbr\u003e\u003cbr\u003eOther public API functions that may be impacted by this include\u003cbr\u003ei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\u003cbr\u003ei2d_PKCS7_bio_stream.\u003cbr\u003e\u003cbr\u003eThe OpenSSL cms and smime command line applications are similarly affected.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "use-after-free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:43:53.180Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
        },
        {
          "name": "1.1.1t git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
        },
        {
          "name": "1.0.2zg patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use-after-free following BIO_new_NDEF",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0215",
    "datePublished": "2023-02-08T19:03:28.691Z",
    "dateReserved": "2023-01-11T11:59:16.647Z",
    "dateUpdated": "2024-08-02T05:02:43.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5135
Vulnerability from cvelistv5
Published
2007-09-27 20:00
Modified
2024-08-07 15:17
Severity
Summary
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
References
URLTags
https://bugs.gentoo.org/show_bug.cgi?id=194039x_refsource_MISC
http://www.securityfocus.com/archive/1/484353/100/0/threadedvendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/481217/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241x_refsource_CONFIRM
http://secunia.com/advisories/27205third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27097third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2362vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1018755vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/31489third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlvendor-advisory, x_refsource_APPLE
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.htmlvendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2007-1003.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/29242third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193vendor-advisory, x_refsource_MANDRIVA
https://issues.rpath.com/browse/RPL-1770x_refsource_CONFIRM
http://secunia.com/advisories/27186third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27851third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2268vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30124third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/27394third-party-advisory, x_refsource_SECUNIA
http://www.openbsd.org/errata41.htmlvendor-advisory, x_refsource_OPENBSD
http://www.securityfocus.com/archive/1/481506/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/485936/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/31308third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22130third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27031third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2008/000002.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2007/3625vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/480855/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://usn.ubuntu.com/522-1/vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2008/2361vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27217third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31467third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27961third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0964.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27870third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25831vdb-entry, x_refsource_BID
http://www.debian.org/security/2007/dsa-1379vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/4042vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/481488/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/27330third-party-advisory, x_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038x_refsource_CONFIRM
http://secunia.com/advisories/30161third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlvendor-advisory, x_refsource_GENTOO
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0013.htmlx_refsource_CONFIRM
http://secunia.com/advisories/28368third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1769x_refsource_CONFIRM
http://secunia.com/advisories/27012third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/3179third-party-advisory, x_refsource_SREASON
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htmx_refsource_CONFIRM
http://secunia.com/advisories/27229third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27051third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31326third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27078third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200710-06.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/484353/100/0/threadedvendor-advisory, x_refsource_HP
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.openssl.org/news/secadv_20071012.txtx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1vendor-advisory, x_refsource_SUNALERT
http://www.openbsd.org/errata40.htmlvendor-advisory, x_refsource_OPENBSD
http://www.openbsd.org/errata42.htmlvendor-advisory, x_refsource_OPENBSD
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837vdb-entry, x_refsource_XF
http://www.redhat.com/support/errata/RHSA-2007-0813.htmlvendor-advisory, x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2007_20_sr.htmlvendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2007/3325vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/4144vdb-entry, x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2008-0001.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0064vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27021third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/archive/1/486859/100/0/threadedmailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
          },
          {
            "name": "HPSBUX02292",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:5337",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
          },
          {
            "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
          },
          {
            "name": "27205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27205"
          },
          {
            "name": "27097",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27097"
          },
          {
            "name": "ADV-2008-2362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2362"
          },
          {
            "name": "1018755",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018755"
          },
          {
            "name": "31489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31489"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "FEDORA-2007-725",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
          },
          {
            "name": "RHSA-2007:1003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "MDKSA-2007:193",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1770"
          },
          {
            "name": "27186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27186"
          },
          {
            "name": "27851",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27851"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "27394",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27394"
          },
          {
            "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata41.html"
          },
          {
            "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10904",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "31308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31308"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "27031",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27031"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "ADV-2007-3625",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3625"
          },
          {
            "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
          },
          {
            "name": "FreeBSD-SA-07:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
          },
          {
            "name": "USN-522-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/522-1/"
          },
          {
            "name": "ADV-2008-2361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2361"
          },
          {
            "name": "27217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27217"
          },
          {
            "name": "31467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31467"
          },
          {
            "name": "27961",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27961"
          },
          {
            "name": "RHSA-2007:0964",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
          },
          {
            "name": "27870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27870"
          },
          {
            "name": "25831",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25831"
          },
          {
            "name": "DSA-1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1379"
          },
          {
            "name": "ADV-2007-4042",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4042"
          },
          {
            "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
          },
          {
            "name": "27330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
          },
          {
            "name": "28368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1769"
          },
          {
            "name": "27012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27012"
          },
          {
            "name": "3179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3179"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
          },
          {
            "name": "27229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27229"
          },
          {
            "name": "27051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27051"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "27078",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27078"
          },
          {
            "name": "GLSA-200710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "name": "SSRT071499",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20071012.txt"
          },
          {
            "name": "200858",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
          },
          {
            "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata40.html"
          },
          {
            "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata42.html"
          },
          {
            "name": "openssl-sslgetshared-bo(36837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
          },
          {
            "name": "RHSA-2007:0813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
          },
          {
            "name": "SUSE-SR:2007:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
          },
          {
            "name": "ADV-2007-3325",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3325"
          },
          {
            "name": "ADV-2007-4144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "27021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27021"
          },
          {
            "name": "103130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
        },
        {
          "name": "HPSBUX02292",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:5337",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
        },
        {
          "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
        },
        {
          "name": "27205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27205"
        },
        {
          "name": "27097",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27097"
        },
        {
          "name": "ADV-2008-2362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2362"
        },
        {
          "name": "1018755",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018755"
        },
        {
          "name": "31489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31489"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "FEDORA-2007-725",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
        },
        {
          "name": "RHSA-2007:1003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "MDKSA-2007:193",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1770"
        },
        {
          "name": "27186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27186"
        },
        {
          "name": "27851",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27851"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "27394",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27394"
        },
        {
          "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata41.html"
        },
        {
          "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10904",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
        },
        {
          "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
        },
        {
          "name": "31308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31308"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "27031",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27031"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
        },
        {
          "name": "ADV-2007-3625",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3625"
        },
        {
          "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
        },
        {
          "name": "FreeBSD-SA-07:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
        },
        {
          "name": "USN-522-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/522-1/"
        },
        {
          "name": "ADV-2008-2361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2361"
        },
        {
          "name": "27217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27217"
        },
        {
          "name": "31467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31467"
        },
        {
          "name": "27961",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27961"
        },
        {
          "name": "RHSA-2007:0964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
        },
        {
          "name": "27870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27870"
        },
        {
          "name": "25831",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25831"
        },
        {
          "name": "DSA-1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1379"
        },
        {
          "name": "ADV-2007-4042",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4042"
        },
        {
          "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
        },
        {
          "name": "27330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
        },
        {
          "name": "28368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1769"
        },
        {
          "name": "27012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27012"
        },
        {
          "name": "3179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3179"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
        },
        {
          "name": "27229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27229"
        },
        {
          "name": "27051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27051"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "name": "27078",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27078"
        },
        {
          "name": "GLSA-200710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
        },
        {
          "name": "SSRT071499",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20071012.txt"
        },
        {
          "name": "200858",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
        },
        {
          "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata40.html"
        },
        {
          "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata42.html"
        },
        {
          "name": "openssl-sslgetshared-bo(36837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
        },
        {
          "name": "RHSA-2007:0813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
        },
        {
          "name": "SUSE-SR:2007:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
        },
        {
          "name": "ADV-2007-3325",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3325"
        },
        {
          "name": "ADV-2007-4144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
        },
        {
          "name": "ADV-2008-0064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0064"
        },
        {
          "name": "27021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27021"
        },
        {
          "name": "103130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
        },
        {
          "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=194039",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
            },
            {
              "name": "HPSBUX02292",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:5337",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
            },
            {
              "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
            },
            {
              "name": "27205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27205"
            },
            {
              "name": "27097",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27097"
            },
            {
              "name": "ADV-2008-2362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2362"
            },
            {
              "name": "1018755",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018755"
            },
            {
              "name": "31489",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31489"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "FEDORA-2007-725",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
            },
            {
              "name": "RHSA-2007:1003",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "MDKSA-2007:193",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1770",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1770"
            },
            {
              "name": "27186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27186"
            },
            {
              "name": "27851",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27851"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "30124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30124"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "27394",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27394"
            },
            {
              "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata41.html"
            },
            {
              "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:10904",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
            },
            {
              "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
            },
            {
              "name": "31308",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31308"
            },
            {
              "name": "22130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22130"
            },
            {
              "name": "27031",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27031"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
            },
            {
              "name": "ADV-2007-3625",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3625"
            },
            {
              "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
            },
            {
              "name": "FreeBSD-SA-07:08",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
            },
            {
              "name": "USN-522-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/522-1/"
            },
            {
              "name": "ADV-2008-2361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2361"
            },
            {
              "name": "27217",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27217"
            },
            {
              "name": "31467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31467"
            },
            {
              "name": "27961",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27961"
            },
            {
              "name": "RHSA-2007:0964",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
            },
            {
              "name": "27870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27870"
            },
            {
              "name": "25831",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25831"
            },
            {
              "name": "DSA-1379",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1379"
            },
            {
              "name": "ADV-2007-4042",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4042"
            },
            {
              "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
            },
            {
              "name": "27330",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27330"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
            },
            {
              "name": "30161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "GLSA-200805-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
            },
            {
              "name": "28368",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28368"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1769",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1769"
            },
            {
              "name": "27012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27012"
            },
            {
              "name": "3179",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3179"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
            },
            {
              "name": "27229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27229"
            },
            {
              "name": "27051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27051"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "27078",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27078"
            },
            {
              "name": "GLSA-200710-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
            },
            {
              "name": "SSRT071499",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
            },
            {
              "name": "NetBSD-SA2008-007",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20071012.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20071012.txt"
            },
            {
              "name": "200858",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
            },
            {
              "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata40.html"
            },
            {
              "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata42.html"
            },
            {
              "name": "openssl-sslgetshared-bo(36837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
            },
            {
              "name": "RHSA-2007:0813",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
            },
            {
              "name": "SUSE-SR:2007:020",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
            },
            {
              "name": "ADV-2007-3325",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3325"
            },
            {
              "name": "ADV-2007-4144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4144"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
            },
            {
              "name": "ADV-2008-0064",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0064"
            },
            {
              "name": "27021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27021"
            },
            {
              "name": "103130",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
            },
            {
              "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5135",
    "datePublished": "2007-09-27T20:00:00",
    "dateReserved": "2007-09-27T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3446
Vulnerability from cvelistv5
Published
2023-07-19 11:31
Modified
2024-08-02 06:55
Severity
Summary
Excessive time spent checking DH keys and parameters
References
URLTags
https://www.openssl.org/news/secadv/20230719.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740ebpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839cpatch
http://www.openwall.com/lists/oss-security/2023/07/19/4
http://www.openwall.com/lists/oss-security/2023/07/19/5
http://www.openwall.com/lists/oss-security/2023/07/19/6
http://www.openwall.com/lists/oss-security/2023/07/31/1
https://security.netapp.com/advisory/ntap-20230803-0011/
https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html
https://security.gentoo.org/glsa/202402-08
http://www.openwall.com/lists/oss-security/2024/05/16/1
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230719.txt"
          },
          {
            "name": "3.1.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23"
          },
          {
            "name": "3.0.10 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb"
          },
          {
            "name": "1.1.1v git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528"
          },
          {
            "name": "1.0.2zi patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230803-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.10",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1v",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zi",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "OSSfuzz"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2023-07-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. One of those\u003cbr\u003echecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\u003cbr\u003ea very large modulus is slow and OpenSSL will not normally use a modulus which\u003cbr\u003eis over 10,000 bits in length.\u003cbr\u003e\u003cbr\u003eHowever the DH_check() function checks numerous aspects of the key or parameters\u003cbr\u003ethat have been supplied. Some of those checks use the supplied modulus value\u003cbr\u003eeven if it has already been found to be too large.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulernable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \u0027-check\u0027 option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
            }
          ],
          "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \u0027-check\u0027 option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive Iteration",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T11:31:34.994Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230719.txt"
        },
        {
          "name": "3.1.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23"
        },
        {
          "name": "3.0.10 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb"
        },
        {
          "name": "1.1.1v git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528"
        },
        {
          "name": "1.0.2zi patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230803-0011/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/16/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent checking DH keys and parameters",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-3446",
    "datePublished": "2023-07-19T11:31:34.994Z",
    "dateReserved": "2023-06-28T14:21:39.968Z",
    "dateUpdated": "2024-08-02T06:55:03.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4252
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:34
Severity
Summary
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
References
URLTags
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471vendor-advisory, x_refsource_SLACKWARE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2010/3120vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3122vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=20098x_refsource_CONFIRM
http://secunia.com/advisories/42469third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/45163vdb-entry, x_refsource_BID
http://securitytracker.com/id?1024823vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://openssl.org/news/secadv_20101202.txtx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
https://github.com/seb-m/jpakex_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=659297x_refsource_CONFIRM
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdfx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "SSA:2010-340-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
          },
          {
            "name": "oval:org.mitre.oval:def:19039",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039"
          },
          {
            "name": "ADV-2010-3120",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3120"
          },
          {
            "name": "ADV-2010-3122",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3122"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=20098"
          },
          {
            "name": "42469",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42469"
          },
          {
            "name": "SSRT100475",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "45163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45163"
          },
          {
            "name": "1024823",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024823"
          },
          {
            "name": "HPSBUX02638",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20101202.txt"
          },
          {
            "name": "HPSBOV02670",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "SSRT100339",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/seb-m/jpake"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "SSA:2010-340-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
        },
        {
          "name": "oval:org.mitre.oval:def:19039",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039"
        },
        {
          "name": "ADV-2010-3120",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3120"
        },
        {
          "name": "ADV-2010-3122",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3122"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=20098"
        },
        {
          "name": "42469",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42469"
        },
        {
          "name": "SSRT100475",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "45163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45163"
        },
        {
          "name": "1024823",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024823"
        },
        {
          "name": "HPSBUX02638",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20101202.txt"
        },
        {
          "name": "HPSBOV02670",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "SSRT100339",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/seb-m/jpake"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4252",
    "datePublished": "2010-12-06T21:00:00",
    "dateReserved": "2010-11-16T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0590
Vulnerability from cvelistv5
Published
2009-03-27 16:00
Modified
2024-08-07 04:40
Severity
Summary
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
References
URLTags
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/0850vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1021905vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/34896third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:087vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2009/1175vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/502429/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://wiki.rpath.com/Advisories:rPSA-2009-0057x_refsource_CONFIRM
http://www.debian.org/security/2009/dsa-1763vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847x_refsource_CONFIRM
http://secunia.com/advisories/34960third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057x_refsource_MISC
http://secunia.com/advisories/34666third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-750-1vendor-advisory, x_refsource_UBUNTU
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/1020vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/52864vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/34561third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35380third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127678688104458&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42467third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/35065third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
http://www.php.net/archive/2009.php#id2009-04-08-1x_refsource_CONFIRM
http://secunia.com/advisories/34411third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.securityfocus.com/archive/1/515055/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/34509third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/49431vdb-entry, x_refsource_XF
http://secunia.com/advisories/35181third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996vdb-entry, signature, x_refsource_OVAL
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/3126vdb-entry, x_refsource_VUPEN
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlx_refsource_CONFIRM
http://support.apple.com/kb/HT3865x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1220vdb-entry, x_refsource_VUPEN
http://www.openssl.org/news/secadv_20090325.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1548vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/36701third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-172.htmx_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=125017764422557&w=2vendor-advisory, x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://secunia.com/advisories/34460third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=125017764422557&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/34256vdb-entry, x_refsource_BID
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:04.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090059",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-0850",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "1021905",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021905"
          },
          {
            "name": "34896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34896"
          },
          {
            "name": "MDVSA-2009:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
          },
          {
            "name": "ADV-2009-1175",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
          },
          {
            "name": "DSA-1763",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1763"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "34960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34960"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
          },
          {
            "name": "34666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "USN-750-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-750-1"
          },
          {
            "name": "FreeBSD-SA-09:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
          },
          {
            "name": "HPSBUX02435",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-1020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "52864",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/52864"
          },
          {
            "name": "34561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34561"
          },
          {
            "name": "35380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10198",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "34411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "NetBSD-SA2009-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "34509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34509"
          },
          {
            "name": "openssl-asn1-stringprintex-dos(49431)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
          },
          {
            "name": "35181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35181"
          },
          {
            "name": "258048",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6996",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "name": "ADV-2009-1220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1220"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "ADV-2009-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "HPSBMA02447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "34460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "SSRT090062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "name": "34256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090059",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-0850",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0850"
        },
        {
          "name": "1021905",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021905"
        },
        {
          "name": "34896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34896"
        },
        {
          "name": "MDVSA-2009:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
        },
        {
          "name": "ADV-2009-1175",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1175"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502429/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0057"
        },
        {
          "name": "DSA-1763",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1763"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
        },
        {
          "name": "34960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34960"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057"
        },
        {
          "name": "34666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34666"
        },
        {
          "name": "USN-750-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-750-1"
        },
        {
          "name": "FreeBSD-SA-09:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc"
        },
        {
          "name": "HPSBUX02435",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-1020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1020"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "52864",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/52864"
        },
        {
          "name": "34561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34561"
        },
        {
          "name": "35380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35380"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10198",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
        },
        {
          "name": "34411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34411"
        },
        {
          "name": "NetBSD-SA2009-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "34509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34509"
        },
        {
          "name": "openssl-asn1-stringprintex-dos(49431)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49431"
        },
        {
          "name": "35181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35181"
        },
        {
          "name": "258048",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6996",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "name": "ADV-2009-1220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1220"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090325.txt"
        },
        {
          "name": "ADV-2009-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1548"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "HPSBMA02447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "34460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34460"
        },
        {
          "name": "SSRT090062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "name": "34256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34256"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0590",
    "datePublished": "2009-03-27T16:00:00",
    "dateReserved": "2009-02-13T00:00:00",
    "dateUpdated": "2024-08-07T04:40:04.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1793
Vulnerability from cvelistv5
Published
2015-07-09 19:00
Modified
2024-08-06 04:54
Severity
Summary
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
References
URLTags
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory, x_refsource_HP
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825x_refsource_CONFIRM
http://www.securitytracker.com/id/1032817vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
https://security.gentoo.org/glsa/201507-15vendor-advisory, x_refsource_GENTOO
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htmx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlx_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-opensslvendor-advisory, x_refsource_CISCO
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8x_refsource_CONFIRM
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.ascvendor-advisory, x_refsource_FREEBSD
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.htmlvendor-advisory, x_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
http://openssl.org/news/secadv_20150709.txtx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixesx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144370846326989&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.htmlvendor-advisory, x_refsource_FEDORA
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgeryx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10125x_refsource_CONFIRM
http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgeryx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/91787vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory, x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763x_refsource_CONFIRM
http://www.securityfocus.com/bid/75652vdb-entry, x_refsource_BID
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694x_refsource_CONFIRM
https://www.exploit-db.com/exploits/38640/exploit, x_refsource_EXPLOIT-DB
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427vendor-advisory, x_refsource_SLACKWARE
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory, x_refsource_NETBSD
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825"
          },
          {
            "name": "1032817",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "GLSA-201507-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
          },
          {
            "name": "FreeBSD-SA-15:12",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "name": "FEDORA-2015-11414",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20150709.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "name": "HPSBGN03424",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
          },
          {
            "name": "FEDORA-2015-11475",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "name": "75652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75652"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "38640",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38640/"
          },
          {
            "name": "SSA:2015-190-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-30T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825"
        },
        {
          "name": "1032817",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "GLSA-201507-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
        },
        {
          "name": "FreeBSD-SA-15:12",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "name": "FEDORA-2015-11414",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20150709.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "name": "HPSBGN03424",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
        },
        {
          "name": "FEDORA-2015-11475",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "name": "75652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75652"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "38640",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38640/"
        },
        {
          "name": "SSA:2015-190-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-1793",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT102180",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825"
            },
            {
              "name": "1032817",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032817"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "GLSA-201507-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-15"
            },
            {
              "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm",
              "refsource": "CONFIRM",
              "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
            },
            {
              "name": "FreeBSD-SA-15:12",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
            },
            {
              "name": "FEDORA-2015-11414",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "http://openssl.org/news/secadv_20150709.txt",
              "refsource": "CONFIRM",
              "url": "http://openssl.org/news/secadv_20150709.txt"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "name": "HPSBGN03424",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
            },
            {
              "name": "FEDORA-2015-11475",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html"
            },
            {
              "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125"
            },
            {
              "name": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "HPSBUX03388",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
            },
            {
              "name": "75652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75652"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
            },
            {
              "name": "38640",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38640/"
            },
            {
              "name": "SSA:2015-190-01",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427"
            },
            {
              "name": "NetBSD-SA2015-008",
              "refsource": "NETBSD",
              "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1793",
    "datePublished": "2015-07-09T19:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3864
Vulnerability from cvelistv5
Published
2010-11-17 15:00
Modified
2024-08-07 03:26
Severity
Summary
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=132828103218869&w=2vendor-advisory, x_refsource_HP
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793vendor-advisory, x_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3041vdb-entry, x_refsource_VUPEN
http://support.apple.com/kb/HT4723x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=132828103218869&w=2vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1024743vdb-entry, x_refsource_SECTRACK
http://blogs.sun.com/security/entry/cve_2010_3864_race_conditionx_refsource_CONFIRM
http://secunia.com/advisories/42413third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.htmlvendor-advisory, x_refsource_FEDORA
http://openssl.org/news/secadv_20101116.txtx_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlvendor-advisory, x_refsource_SUSE
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.htmlvendor-advisory, x_refsource_FEDORA
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
https://rhn.redhat.com/errata/RHSA-2010-0888.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/42397third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42241third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=649304x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/3097vdb-entry, x_refsource_VUPEN
http://www.adobe.com/support/security/bulletins/apsb11-11.htmlx_refsource_CONFIRM
http://secunia.com/advisories/42336third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42309third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3077vdb-entry, x_refsource_VUPEN
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/44269third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/43312third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://secunia.com/advisories/42243third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/3121vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=129916880600544&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/42352third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.debian.org/security/2010/dsa-2125vendor-advisory, x_refsource_DEBIAN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:11.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2010-17827",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html"
          },
          {
            "name": "HPSBGN02740",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2"
          },
          {
            "name": "SSA:2010-326-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "ADV-2010-3041",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "SSRT100741",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2"
          },
          {
            "name": "1024743",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition"
          },
          {
            "name": "42413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42413"
          },
          {
            "name": "FEDORA-2010-17826",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv_20101116.txt"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "SUSE-SR:2010:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "FEDORA-2010-17847",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "RHSA-2010:0888",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0888.html"
          },
          {
            "name": "42397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42397"
          },
          {
            "name": "SSRT100475",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "42241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42241"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304"
          },
          {
            "name": "HPSBMA02658",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "SSRT100413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "HPSBUX02638",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "ADV-2010-3097",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3097"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
          },
          {
            "name": "42336",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42336"
          },
          {
            "name": "42309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42309"
          },
          {
            "name": "ADV-2010-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3077"
          },
          {
            "name": "FreeBSD-SA-10:10",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
          },
          {
            "name": "44269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44269"
          },
          {
            "name": "43312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42243"
          },
          {
            "name": "HPSBOV02670",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "ADV-2010-3121",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3121"
          },
          {
            "name": "SSRT100339",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
          },
          {
            "name": "42352",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42352"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "DSA-2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2010-17827",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html"
        },
        {
          "name": "HPSBGN02740",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2"
        },
        {
          "name": "SSA:2010-326-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "ADV-2010-3041",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "SSRT100741",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2"
        },
        {
          "name": "1024743",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition"
        },
        {
          "name": "42413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42413"
        },
        {
          "name": "FEDORA-2010-17826",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openssl.org/news/secadv_20101116.txt"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "SUSE-SR:2010:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "FEDORA-2010-17847",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "RHSA-2010:0888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0888.html"
        },
        {
          "name": "42397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42397"
        },
        {
          "name": "SSRT100475",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "42241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42241"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304"
        },
        {
          "name": "HPSBMA02658",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "SSRT100413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "HPSBUX02638",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "ADV-2010-3097",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3097"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
        },
        {
          "name": "42336",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42336"
        },
        {
          "name": "42309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42309"
        },
        {
          "name": "ADV-2010-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3077"
        },
        {
          "name": "FreeBSD-SA-10:10",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
        },
        {
          "name": "44269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44269"
        },
        {
          "name": "43312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42243"
        },
        {
          "name": "HPSBOV02670",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "ADV-2010-3121",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3121"
        },
        {
          "name": "SSRT100339",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
        },
        {
          "name": "42352",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42352"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "DSA-2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2125"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3864",
    "datePublished": "2010-11-17T15:00:00",
    "dateReserved": "2010-10-08T00:00:00",
    "dateUpdated": "2024-08-07T03:26:11.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4619
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity
Summary
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
URLTags
http://secunia.com/advisories/48528third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=132750648501816&w=2vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2390vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48528"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "openSUSE-SU-2012:0083",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
          },
          {
            "name": "MDVSA-2012:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "SUSE-SU-2012:0084",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02734",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "MDVSA-2012:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100729",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "DSA-2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2390"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-19T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48528"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "openSUSE-SU-2012:0083",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
        },
        {
          "name": "MDVSA-2012:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "SUSE-SU-2012:0084",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02734",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "MDVSA-2012:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "SSRT100729",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "DSA-2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2390"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4619",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0131
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:43
Severity
Summary
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
References
URLTags
http://www.debian.org/security/2003/dsa-288vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-101.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-102.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=104878215721135&w=2vendor-advisory, x_refsource_TRUSTIX
http://eprint.iacr.org/2003/052/x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461vdb-entry, signature, x_refsource_OVAL
http://www.gentoo.org/security/en/glsa/glsa-200303-20.xmlvendor-advisory, x_refsource_GENTOO
https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.htmlvendor-advisory, x_refsource_SUSE
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txtvendor-advisory, x_refsource_CALDERA
http://www.securityfocus.com/bid/7148vdb-entry, x_refsource_BID
http://lists.apple.com/mhonarc/security-announce/msg00028.htmlx_refsource_CONFIRM
http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.htmlvendor-advisory, x_refsource_OPENPKG
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.htmlx_refsource_MISC
http://www.securityfocus.com/archive/1/316577/30/25310/threadedvendor-advisory, x_refsource_IMMUNIX
http://www.openssl.org/news/secadv_20030319.txtx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.mandriva.com/security/advisories?name=MDKSA-2003:035vendor-advisory, x_refsource_MANDRAKE
http://marc.info/?l=bugtraq&m=104852637112330&w=2mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/11586vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/316577/30/25310/threadedmailing-list, x_refsource_BUGTRAQ
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Ivendor-advisory, x_refsource_SGI
http://marc.info/?l=bugtraq&m=104811162730834&w=2mailing-list, x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/888801third-party-advisory, x_refsource_CERT-VN
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625vendor-advisory, x_refsource_CONECTIVA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-288",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-288"
          },
          {
            "name": "RHSA-2003:101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
          },
          {
            "name": "RHSA-2003:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
          },
          {
            "name": "2003-0013",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2003/052/"
          },
          {
            "name": "oval:org.mitre.oval:def:461",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461"
          },
          {
            "name": "GLSA-200303-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
          },
          {
            "name": "SuSE-SA:2003:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
          },
          {
            "name": "CSSA-2003-014.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
          },
          {
            "name": "7148",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7148"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
          },
          {
            "name": "OpenPKG-SA-2003.026",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
          },
          {
            "name": "IMNX-2003-7+-001-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_IMMUNIX",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20030319.txt"
          },
          {
            "name": "NetBSD-SA2003-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc"
          },
          {
            "name": "MDKSA-2003:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035"
          },
          {
            "name": "20030324 GLSA:  openssl (200303-20)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
          },
          {
            "name": "ssl-premaster-information-leak(11586)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
          },
          {
            "name": "20030327 Immunix Secured OS 7+ openssl update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
          },
          {
            "name": "20030501-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
          },
          {
            "name": "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
          },
          {
            "name": "VU#888801",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/888801"
          },
          {
            "name": "CLA-2003:625",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-288",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-288"
        },
        {
          "name": "RHSA-2003:101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
        },
        {
          "name": "RHSA-2003:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
        },
        {
          "name": "2003-0013",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://eprint.iacr.org/2003/052/"
        },
        {
          "name": "oval:org.mitre.oval:def:461",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461"
        },
        {
          "name": "GLSA-200303-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
        },
        {
          "name": "SuSE-SA:2003:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
        },
        {
          "name": "CSSA-2003-014.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
        },
        {
          "name": "7148",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7148"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
        },
        {
          "name": "OpenPKG-SA-2003.026",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
        },
        {
          "name": "IMNX-2003-7+-001-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_IMMUNIX"
          ],
          "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20030319.txt"
        },
        {
          "name": "NetBSD-SA2003-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc"
        },
        {
          "name": "MDKSA-2003:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035"
        },
        {
          "name": "20030324 GLSA:  openssl (200303-20)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
        },
        {
          "name": "ssl-premaster-information-leak(11586)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
        },
        {
          "name": "20030327 Immunix Secured OS 7+ openssl update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
        },
        {
          "name": "20030501-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
        },
        {
          "name": "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
        },
        {
          "name": "VU#888801",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/888801"
        },
        {
          "name": "CLA-2003:625",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-288",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-288"
            },
            {
              "name": "RHSA-2003:101",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html"
            },
            {
              "name": "RHSA-2003:102",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html"
            },
            {
              "name": "2003-0013",
              "refsource": "TRUSTIX",
              "url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
            },
            {
              "name": "http://eprint.iacr.org/2003/052/",
              "refsource": "MISC",
              "url": "http://eprint.iacr.org/2003/052/"
            },
            {
              "name": "oval:org.mitre.oval:def:461",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461"
            },
            {
              "name": "GLSA-200303-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
            },
            {
              "name": "SuSE-SA:2003:024",
              "refsource": "SUSE",
              "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
            },
            {
              "name": "CSSA-2003-014.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt"
            },
            {
              "name": "7148",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7148"
            },
            {
              "name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
              "refsource": "CONFIRM",
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
            },
            {
              "name": "OpenPKG-SA-2003.026",
              "refsource": "OPENPKG",
              "url": "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html"
            },
            {
              "name": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html",
              "refsource": "MISC",
              "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
            },
            {
              "name": "IMNX-2003-7+-001-01",
              "refsource": "IMMUNIX",
              "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20030319.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20030319.txt"
            },
            {
              "name": "NetBSD-SA2003-007",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc"
            },
            {
              "name": "MDKSA-2003:035",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035"
            },
            {
              "name": "20030324 GLSA:  openssl (200303-20)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
            },
            {
              "name": "ssl-premaster-information-leak(11586)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
            },
            {
              "name": "20030327 Immunix Secured OS 7+ openssl update",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
            },
            {
              "name": "20030501-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
            },
            {
              "name": "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
            },
            {
              "name": "VU#888801",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/888801"
            },
            {
              "name": "CLA-2003:625",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0131",
    "datePublished": "2003-03-21T05:00:00",
    "dateReserved": "2003-03-13T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1141
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity
Summary
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
References
URLTags
http://www.securityfocus.com/bid/3004vdb-entry, x_refsource_BID
http://www.securityfocus.com/advisories/3475vendor-advisory, x_refsource_FREEBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.ascvendor-advisory, x_refsource_NETBSD
https://exchange.xforce.ibmcloud.com/vulnerabilities/6823vdb-entry, x_refsource_XF
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0vendor-advisory, x_refsource_MANDRAKE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418vendor-advisory, x_refsource_CONECTIVA
http://www.securityfocus.com/archive/1/195829mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2001-051.htmlvendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/853vdb-entry, x_refsource_OSVDB
http://www.linuxsecurity.com/advisories/other_advisory-1483.htmlvendor-advisory, x_refsource_ENGARDE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3004"
          },
          {
            "name": "FreeBSD-SA-01:51",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/3475"
          },
          {
            "name": "NetBSD-SA2001-013",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc"
          },
          {
            "name": "openssl-prng-brute-force(6823)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6823"
          },
          {
            "name": "MDKSA-2001:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0"
          },
          {
            "name": "CLA-2001:418",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000418"
          },
          {
            "name": "20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/195829"
          },
          {
            "name": "RHSA-2001:051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-051.html"
          },
          {
            "name": "853",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/853"
          },
          {
            "name": "ESA-20010709-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/other_advisory-1483.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3004"
        },
        {
          "name": "FreeBSD-SA-01:51",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://www.securityfocus.com/advisories/3475"
        },
        {
          "name": "NetBSD-SA2001-013",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc"
        },
        {
          "name": "openssl-prng-brute-force(6823)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6823"
        },
        {
          "name": "MDKSA-2001:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0"
        },
        {
          "name": "CLA-2001:418",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000418"
        },
        {
          "name": "20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/195829"
        },
        {
          "name": "RHSA-2001:051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-051.html"
        },
        {
          "name": "853",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/853"
        },
        {
          "name": "ESA-20010709-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/other_advisory-1483.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3004",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3004"
            },
            {
              "name": "FreeBSD-SA-01:51",
              "refsource": "FREEBSD",
              "url": "http://www.securityfocus.com/advisories/3475"
            },
            {
              "name": "NetBSD-SA2001-013",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc"
            },
            {
              "name": "openssl-prng-brute-force(6823)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6823"
            },
            {
              "name": "MDKSA-2001:065",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0"
            },
            {
              "name": "CLA-2001:418",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000418"
            },
            {
              "name": "20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/195829"
            },
            {
              "name": "RHSA-2001:051",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-051.html"
            },
            {
              "name": "853",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/853"
            },
            {
              "name": "ESA-20010709-01",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1483.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1141",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0799
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity
Summary
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83755vdb-entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://marc.info/?l=bugtraq&m=146108058503441&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=145983526810210&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.ubuntu.com/usn/USN-2914-1vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
http://www.debian.org/security/2016/dsa-3500vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:05.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "83755",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83755"
          },
          {
            "name": "FEDORA-2016-2802690366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "HPSBMU03575",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "HPSBGN03569",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "83755",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83755"
        },
        {
          "name": "FEDORA-2016-2802690366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "name": "FEDORA-2016-e6807b3394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "HPSBMU03575",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "HPSBGN03569",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0799",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:05.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0166
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
URLTags
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0587.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/55139third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20130204.txtx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=908052x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136396549913849&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2013-0833.htmlvendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7x_refsource_CONFIRM
http://secunia.com/advisories/53623third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=137545771702053&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2013/dsa-2621vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0783.htmlvendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/55108third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0782.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136396549913849&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://www.splunk.com/view/SP-CAAAHXGx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754vdb-entry, signature, x_refsource_OVAL
http://support.apple.com/kb/HT5880x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081vdb-entry, signature, x_refsource_OVAL
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "oval:org.mitre.oval:def:19360",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
          },
          {
            "name": "HPSBUX02856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "RHSA-2013:0833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
          },
          {
            "name": "53623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53623"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "DSA-2621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2621"
          },
          {
            "name": "RHSA-2013:0783",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "name": "RHSA-2013:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SSRT101104",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAHXG"
          },
          {
            "name": "oval:org.mitre.oval:def:19487",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
          },
          {
            "name": "oval:org.mitre.oval:def:18754",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          },
          {
            "name": "oval:org.mitre.oval:def:19081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-08T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "oval:org.mitre.oval:def:19360",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
        },
        {
          "name": "HPSBUX02856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "RHSA-2013:0833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
        },
        {
          "name": "53623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53623"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "DSA-2621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2621"
        },
        {
          "name": "RHSA-2013:0783",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "name": "RHSA-2013:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SSRT101104",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAHXG"
        },
        {
          "name": "oval:org.mitre.oval:def:19487",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
        },
        {
          "name": "oval:org.mitre.oval:def:18754",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        },
        {
          "name": "oval:org.mitre.oval:def:19081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19360",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
            },
            {
              "name": "HPSBUX02856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "RHSA-2013:0833",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
            },
            {
              "name": "53623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53623"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "DSA-2621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2621"
            },
            {
              "name": "RHSA-2013:0783",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "RHSA-2013:0782",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SSRT101104",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAHXG",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAHXG"
            },
            {
              "name": "oval:org.mitre.oval:def:19487",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
            },
            {
              "name": "oval:org.mitre.oval:def:18754",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            },
            {
              "name": "oval:org.mitre.oval:def:19081",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0166",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2969
Vulnerability from cvelistv5
Published
2005-10-18 04:00
Modified
2024-08-07 22:53
Severity
Summary
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
References
URLTags
http://secunia.com/advisories/17259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2005_61_openssl.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/26893third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17389third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/3056vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2457vdb-entry, x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmx_refsource_CONFIRM
http://secunia.com/advisories/17813third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/15071vdb-entry, x_refsource_BID
http://secunia.com/advisories/18165third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18123third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-881vendor-advisory, x_refsource_DEBIAN
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754x_refsource_MISC
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2005/2659vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/24799vdb-entry, x_refsource_BID
http://www.debian.org/security/2005/dsa-882vendor-advisory, x_refsource_DEBIAN
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/17153third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlvendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/17191third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2908vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1015032vdb-entry, x_refsource_SECTRACK
https://issues.rpath.com/browse/RPL-1633x_refsource_CONFIRM
http://secunia.com/advisories/17344third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19185third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2036vdb-entry, x_refsource_VUPEN
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txtx_refsource_MISC
http://secunia.com/advisories/17589third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2710vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2005/3002vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17466third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/17146third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17169third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/35287vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htmx_refsource_CONFIRM
http://secunia.com/advisories/23280third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=302847vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/23843third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17189third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21827third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17288third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdfx_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/17632third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0326vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/17409third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25973third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/17888third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17210third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-875vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2006/3531vdb-entry, x_refsource_VUPEN
http://www.openssl.org/news/secadv_20051011.txtx_refsource_CONFIRM
http://secunia.com/advisories/17178third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.htmlx_refsource_CONFIRM
http://secunia.com/advisories/17432third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17180third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/15647vdb-entry, x_refsource_BID
http://secunia.com/advisories/17335third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-762.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-800.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/17151third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18663third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17617third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://secunia.com/advisories/18045third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:29.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17259"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "SUSE-SA:2005:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_61_openssl.html"
          },
          {
            "name": "26893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "name": "17389",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17389"
          },
          {
            "name": "ADV-2005-3056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/3056"
          },
          {
            "name": "ADV-2007-2457",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2457"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
          },
          {
            "name": "17813",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17813"
          },
          {
            "name": "15071",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15071"
          },
          {
            "name": "18165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18165"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "18123",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18123"
          },
          {
            "name": "DSA-881",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-881"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html"
          },
          {
            "name": "ADV-2005-2659",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2659"
          },
          {
            "name": "24799",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24799"
          },
          {
            "name": "DSA-882",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-882"
          },
          {
            "name": "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml"
          },
          {
            "name": "17153",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17153"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "TSLSA-2005-0059",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
          },
          {
            "name": "17191",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17191"
          },
          {
            "name": "ADV-2005-2908",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2908"
          },
          {
            "name": "1015032",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1633"
          },
          {
            "name": "17344",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17344"
          },
          {
            "name": "19185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19185"
          },
          {
            "name": "ADV-2005-2036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2036"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt"
          },
          {
            "name": "17589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17589"
          },
          {
            "name": "ADV-2005-2710",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2710"
          },
          {
            "name": "ADV-2005-3002",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/3002"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "17466",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17466"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "17146",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17146"
          },
          {
            "name": "17169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17169"
          },
          {
            "name": "hitachi-hicommand-security-bypass(35287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm"
          },
          {
            "name": "23280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "name": "APPLE-SA-2005-11-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=302847"
          },
          {
            "name": "23843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23843"
          },
          {
            "name": "17189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17189"
          },
          {
            "name": "21827",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21827"
          },
          {
            "name": "17288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17288"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf"
          },
          {
            "name": "MDKSA-2005:179",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179"
          },
          {
            "name": "17632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17632"
          },
          {
            "name": "ADV-2007-0326",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0326"
          },
          {
            "name": "17409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17409"
          },
          {
            "name": "25973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25973"
          },
          {
            "name": "oval:org.mitre.oval:def:11454",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454"
          },
          {
            "name": "17888",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17888"
          },
          {
            "name": "17210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17210"
          },
          {
            "name": "DSA-875",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-875"
          },
          {
            "name": "ADV-2006-3531",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20051011.txt"
          },
          {
            "name": "17178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17178"
          },
          {
            "name": "HPSBUX02174",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
          },
          {
            "name": "17432",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17432"
          },
          {
            "name": "17180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17180"
          },
          {
            "name": "101974",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1"
          },
          {
            "name": "15647",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15647"
          },
          {
            "name": "17335",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17335"
          },
          {
            "name": "RHSA-2005:762",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
          },
          {
            "name": "RHSA-2005:800",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-800.html"
          },
          {
            "name": "17151",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17151"
          },
          {
            "name": "18663",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18663"
          },
          {
            "name": "17617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17617"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "18045",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "17259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17259"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "SUSE-SA:2005:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_61_openssl.html"
        },
        {
          "name": "26893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26893"
        },
        {
          "name": "17389",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17389"
        },
        {
          "name": "ADV-2005-3056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/3056"
        },
        {
          "name": "ADV-2007-2457",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2457"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
        },
        {
          "name": "17813",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17813"
        },
        {
          "name": "15071",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15071"
        },
        {
          "name": "18165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18165"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "18123",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18123"
        },
        {
          "name": "DSA-881",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-881"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html"
        },
        {
          "name": "ADV-2005-2659",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2659"
        },
        {
          "name": "24799",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24799"
        },
        {
          "name": "DSA-882",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-882"
        },
        {
          "name": "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml"
        },
        {
          "name": "17153",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17153"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "TSLSA-2005-0059",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
        },
        {
          "name": "17191",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17191"
        },
        {
          "name": "ADV-2005-2908",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2908"
        },
        {
          "name": "1015032",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1633"
        },
        {
          "name": "17344",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17344"
        },
        {
          "name": "19185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19185"
        },
        {
          "name": "ADV-2005-2036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2036"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt"
        },
        {
          "name": "17589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17589"
        },
        {
          "name": "ADV-2005-2710",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2710"
        },
        {
          "name": "ADV-2005-3002",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/3002"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "17466",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17466"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "17146",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17146"
        },
        {
          "name": "17169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17169"
        },
        {
          "name": "hitachi-hicommand-security-bypass(35287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm"
        },
        {
          "name": "23280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23280"
        },
        {
          "name": "APPLE-SA-2005-11-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=302847"
        },
        {
          "name": "23843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23843"
        },
        {
          "name": "17189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17189"
        },
        {
          "name": "21827",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21827"
        },
        {
          "name": "17288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17288"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf"
        },
        {
          "name": "MDKSA-2005:179",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179"
        },
        {
          "name": "17632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17632"
        },
        {
          "name": "ADV-2007-0326",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0326"
        },
        {
          "name": "17409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17409"
        },
        {
          "name": "25973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25973"
        },
        {
          "name": "oval:org.mitre.oval:def:11454",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454"
        },
        {
          "name": "17888",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17888"
        },
        {
          "name": "17210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17210"
        },
        {
          "name": "DSA-875",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-875"
        },
        {
          "name": "ADV-2006-3531",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20051011.txt"
        },
        {
          "name": "17178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17178"
        },
        {
          "name": "HPSBUX02174",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
        },
        {
          "name": "17432",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17432"
        },
        {
          "name": "17180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17180"
        },
        {
          "name": "101974",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1"
        },
        {
          "name": "15647",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15647"
        },
        {
          "name": "17335",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17335"
        },
        {
          "name": "RHSA-2005:762",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
        },
        {
          "name": "RHSA-2005:800",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-800.html"
        },
        {
          "name": "17151",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17151"
        },
        {
          "name": "18663",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18663"
        },
        {
          "name": "17617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17617"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "18045",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18045"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-2969",
    "datePublished": "2005-10-18T04:00:00",
    "dateReserved": "2005-09-19T00:00:00",
    "dateUpdated": "2024-08-07T22:53:29.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6308
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity
Summary
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
References
URLTags
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-20
http://www.securityfocus.com/bid/93151vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securitytracker.com/id/1036885vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "93151",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93151"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "93151",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93151"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6308",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6449
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 17:39
Severity
Summary
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
References
URLTags
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.htmlvendor-advisory, x_refsource_SUSE
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-2833vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://www.securityfocus.com/bid/64530vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2079-1vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.htmlvendor-advisory, x_refsource_FEDORA
http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guestx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.htmlvendor-advisory, x_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0015.htmlvendor-advisory, x_refsource_REDHAT
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
https://issues.apache.org/jira/browse/TS-2355x_refsource_CONFIRM
http://www.securitytracker.com/id/1029548vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.htmlvendor-advisory, x_refsource_FEDORA
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1045363x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0041.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "openSUSE-SU-2014:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "name": "openSUSE-SU-2014:0018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.html"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "DSA-2833",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2833"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "64530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "openSUSE-SU-2014:0015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2014:0048",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
          },
          {
            "name": "USN-2079-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2079-1"
          },
          {
            "name": "FEDORA-2013-23768",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=3200\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "FEDORA-2013-23788",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "RHSA-2014:0015",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/TS-2355"
          },
          {
            "name": "1029548",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029548"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "FEDORA-2013-23794",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045363"
          },
          {
            "name": "RHSA-2014:0041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "openSUSE-SU-2014:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "name": "openSUSE-SU-2014:0018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.html"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "DSA-2833",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2833"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "64530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "openSUSE-SU-2014:0015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2014:0048",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
        },
        {
          "name": "USN-2079-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2079-1"
        },
        {
          "name": "FEDORA-2013-23768",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=3200\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "FEDORA-2013-23788",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "RHSA-2014:0015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/TS-2355"
        },
        {
          "name": "1029548",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029548"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "FEDORA-2013-23794",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045363"
        },
        {
          "name": "RHSA-2014:0041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "openSUSE-SU-2014:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "openSUSE-SU-2014:0018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.html"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "DSA-2833",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2833"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "64530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64530"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "openSUSE-SU-2014:0015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2014:0048",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
            },
            {
              "name": "USN-2079-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2079-1"
            },
            {
              "name": "FEDORA-2013-23768",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html"
            },
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=3200\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "url": "http://rt.openssl.org/Ticket/Display.html?id=3200\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "FEDORA-2013-23788",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "RHSA-2014:0015",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "https://issues.apache.org/jira/browse/TS-2355",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/TS-2355"
            },
            {
              "name": "1029548",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029548"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "FEDORA-2013-23794",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1045363",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045363"
            },
            {
              "name": "RHSA-2014:0041",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6449",
    "datePublished": "2013-12-23T22:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0078
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity
Summary
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
References
URLTags
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Ivendor-advisory, x_refsource_SGI
http://www.osvdb.org/3945vdb-entry, x_refsource_OSVDB
http://www.iss.net/security_center/static/11369.phpvdb-entry, x_refsource_XF
http://www.openssl.org/news/secadv_20030219.txtx_refsource_CONFIRM
http://www.trustix.org/errata/2003/0005vendor-advisory, x_refsource_TRUSTIX
http://www.debian.org/security/2003/dsa-253vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-205.htmlvendor-advisory, x_refsource_REDHAT
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.htmlvendor-advisory, x_refsource_ENGARDE
http://www.ciac.org/ciac/bulletins/n-051.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://marc.info/?l=bugtraq&m=104567627211904&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2003-104.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/6884vdb-entry, x_refsource_BID
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020vendor-advisory, x_refsource_MANDRAKE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570vendor-advisory, x_refsource_CONECTIVA
http://marc.info/?l=bugtraq&m=104568426824439&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104577183206905&w=2vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2003-082.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-063.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-062.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030501-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
          },
          {
            "name": "3945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3945"
          },
          {
            "name": "ssl-cbc-information-leak(11369)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11369.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20030219.txt"
          },
          {
            "name": "2003-0005",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2003/0005"
          },
          {
            "name": "DSA-253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-253"
          },
          {
            "name": "RHSA-2003:205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
          },
          {
            "name": "ESA-20030220-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
          },
          {
            "name": "N-051",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
          },
          {
            "name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
          },
          {
            "name": "RHSA-2003:104",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
          },
          {
            "name": "6884",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6884"
          },
          {
            "name": "NetBSD-SA2003-001",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
          },
          {
            "name": "MDKSA-2003:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
          },
          {
            "name": "CLSA-2003:570",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
          },
          {
            "name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
          },
          {
            "name": "GLSA-200302-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
          },
          {
            "name": "RHSA-2003:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
          },
          {
            "name": "RHSA-2003:063",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
          },
          {
            "name": "RHSA-2003:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-02-23T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030501-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
        },
        {
          "name": "3945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3945"
        },
        {
          "name": "ssl-cbc-information-leak(11369)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11369.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20030219.txt"
        },
        {
          "name": "2003-0005",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2003/0005"
        },
        {
          "name": "DSA-253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-253"
        },
        {
          "name": "RHSA-2003:205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
        },
        {
          "name": "ESA-20030220-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
        },
        {
          "name": "N-051",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
        },
        {
          "name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
        },
        {
          "name": "RHSA-2003:104",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
        },
        {
          "name": "6884",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6884"
        },
        {
          "name": "NetBSD-SA2003-001",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
        },
        {
          "name": "MDKSA-2003:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
        },
        {
          "name": "CLSA-2003:570",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
        },
        {
          "name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
        },
        {
          "name": "GLSA-200302-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
        },
        {
          "name": "RHSA-2003:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
        },
        {
          "name": "RHSA-2003:063",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
        },
        {
          "name": "RHSA-2003:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030501-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
            },
            {
              "name": "3945",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3945"
            },
            {
              "name": "ssl-cbc-information-leak(11369)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11369.php"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20030219.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20030219.txt"
            },
            {
              "name": "2003-0005",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2003/0005"
            },
            {
              "name": "DSA-253",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-253"
            },
            {
              "name": "RHSA-2003:205",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
            },
            {
              "name": "ESA-20030220-005",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
            },
            {
              "name": "N-051",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
            },
            {
              "name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
            },
            {
              "name": "RHSA-2003:104",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
            },
            {
              "name": "6884",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6884"
            },
            {
              "name": "NetBSD-SA2003-001",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
            },
            {
              "name": "MDKSA-2003:020",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
            },
            {
              "name": "CLSA-2003:570",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
            },
            {
              "name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
            },
            {
              "name": "GLSA-200302-10",
              "refsource": "GENTOO",
              "url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
            },
            {
              "name": "RHSA-2003:082",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
            },
            {
              "name": "RHSA-2003:063",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
            },
            {
              "name": "RHSA-2003:062",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0078",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-10T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6129
Vulnerability from cvelistv5
Published
2024-01-09 16:36
Modified
2024-08-02 08:21
Severity
Summary
POLY1305 MAC implementation corrupts vector registers on PowerPC
References
URLTags
https://www.openssl.org/news/secadv/20240109.txtvendor-advisory
https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04patch
https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015patch
https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35patch
https://security.netapp.com/advisory/ntap-20240216-0009/
https://security.netapp.com/advisory/ntap-20240426-0013/
https://security.netapp.com/advisory/ntap-20240426-0008/
http://www.openwall.com/lists/oss-security/2024/03/11/1
https://security.netapp.com/advisory/ntap-20240503-0011/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240109.txt"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240216-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0013/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240503-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Sverker Eriksson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rohan McLure"
        }
      ],
      "datePublic": "2024-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications running\u003cbr\u003eon PowerPC CPU based platforms if the CPU provides vector instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If an attacker can influence whether the POLY1305 MAC\u003cbr\u003ealgorithm is used, the application state might be corrupted with various\u003cbr\u003eapplication dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\u003cbr\u003ePowerPC CPUs restores the contents of vector registers in a different order\u003cbr\u003ethan they are saved. Thus the contents of some of these vector registers\u003cbr\u003eare corrupted when returning to the caller. The vulnerable code is used only\u003cbr\u003eon newer PowerPC processors supporting the PowerISA 2.07 instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However unless the compiler uses the vector registers for storing\u003cbr\u003epointers, the most likely consequence, if any, would be an incorrect result\u003cbr\u003eof some application dependent calculations or a crash leading to a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\u003cbr\u003eclient can influence whether this AEAD cipher is used. This implies that\u003cbr\u003eTLS server applications using OpenSSL can be potentially impacted. However\u003cbr\u003ewe are currently not aware of any concrete application that would be affected\u003cbr\u003eby this issue therefore we consider this a Low severity security issue."
            }
          ],
          "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Passing Mutable Objects to an Untrusted Method",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-15T11:13:29.926Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240109.txt"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240216-0009/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0013/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0008/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240503-0011/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-6129",
    "datePublished": "2024-01-09T16:36:58.860Z",
    "dateReserved": "2023-11-14T16:12:12.656Z",
    "dateUpdated": "2024-08-02T08:21:17.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2109
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.debian.org/security/2016/dsa-3566vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlvendor-advisory
https://source.android.com/security/bulletin/2017-07-01
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlvendor-advisory
http://www.securitytracker.com/id/1035721vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.htmlvendor-advisory
https://www.tenable.com/security/tns-2016-18
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
https://security.netapp.com/advisory/ntap-20160504-0001/
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2959-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/87940vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.ascvendor-advisory
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-07-01"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "87940",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/87940"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-07-01"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "87940",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/87940"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2109",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1386
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity
Summary
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
URLTags
http://secunia.com/advisories/38794third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=17369x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/06/02/1mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1335.htmlvendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://secunia.com/advisories/36533third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179vdb-entry, signature, x_refsource_OVAL
http://www.ubuntu.com/usn/USN-792-1vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469vdb-entry, signature, x_refsource_OVAL
http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guestx_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/38834third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/50963vdb-entry, x_refsource_XF
http://secunia.com/advisories/35685third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/8873exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/35571third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/35174vdb-entry, x_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/0528vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=17369"
          },
          {
            "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "oval:org.mitre.oval:def:11179",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "oval:org.mitre.oval:def:7469",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "openssl-changecipherspec-dos(50963)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
          },
          {
            "name": "35685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "8873",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8873"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "SUSE-SR:2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "35174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35174"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=17369"
        },
        {
          "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "oval:org.mitre.oval:def:11179",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "oval:org.mitre.oval:def:7469",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "openssl-changecipherspec-dos(50963)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
        },
        {
          "name": "35685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35685"
        },
        {
          "name": "8873",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8873"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "SUSE-SR:2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
        },
        {
          "name": "35174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35174"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1386",
    "datePublished": "2009-06-04T16:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0014
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:36
Severity
Summary
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
References
URLTags
http://www.vupen.com/english/advisories/2011/0361vdb-entry, x_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823vendor-advisory, x_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://osvdb.org/70847vdb-entry, x_refsource_OSVDB
http://support.apple.com/kb/HT4723x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0399vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-0677.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/43301third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985vdb-entry, signature, x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2011/0387vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/43286third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2011/dsa-2162vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2011/0395vdb-entry, x_refsource_VUPEN
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.ubuntu.com/usn/USN-1064-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777vendor-advisory, x_refsource_HP
http://secunia.com/advisories/43227third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0389vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/46264vdb-entry, x_refsource_BID
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=131042179515633&w=2vendor-advisory, x_refsource_HP
http://www.openssl.org/news/secadv_20110208.txtx_refsource_CONFIRM
http://secunia.com/advisories/44269third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497251507577&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/43339third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=131042179515633&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2011/0603vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1025050vdb-entry, x_refsource_SECTRACK
https://support.f5.com/csp/article/K10534046x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0361"
          },
          {
            "name": "SSA:2011-041-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "70847",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "ADV-2011-0399",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0399"
          },
          {
            "name": "RHSA-2011:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html"
          },
          {
            "name": "43301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43301"
          },
          {
            "name": "oval:org.mitre.oval:def:18985",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "ADV-2011-0387",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0387"
          },
          {
            "name": "43286",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43286"
          },
          {
            "name": "SUSE-SR:2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "DSA-2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2162"
          },
          {
            "name": "ADV-2011-0395",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0395"
          },
          {
            "name": "NetBSD-SA2011-002",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc"
          },
          {
            "name": "USN-1064-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1064-1"
          },
          {
            "name": "SSRT100475",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "HPSBMA02658",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "SSRT100413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "43227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43227"
          },
          {
            "name": "ADV-2011-0389",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0389"
          },
          {
            "name": "MDVSA-2011:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028"
          },
          {
            "name": "FEDORA-2011-1273",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
          },
          {
            "name": "46264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46264"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "HPSBUX02689",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20110208.txt"
          },
          {
            "name": "44269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44269"
          },
          {
            "name": "HPSBOV02670",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "43339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43339"
          },
          {
            "name": "SSRT100494",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
          },
          {
            "name": "ADV-2011-0603",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0603"
          },
          {
            "name": "1025050",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K10534046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T17:06:06",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-0361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0361"
        },
        {
          "name": "SSA:2011-041-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "70847",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "ADV-2011-0399",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0399"
        },
        {
          "name": "RHSA-2011:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html"
        },
        {
          "name": "43301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43301"
        },
        {
          "name": "oval:org.mitre.oval:def:18985",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "ADV-2011-0387",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0387"
        },
        {
          "name": "43286",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43286"
        },
        {
          "name": "SUSE-SR:2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
        },
        {
          "name": "DSA-2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2162"
        },
        {
          "name": "ADV-2011-0395",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0395"
        },
        {
          "name": "NetBSD-SA2011-002",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc"
        },
        {
          "name": "USN-1064-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1064-1"
        },
        {
          "name": "SSRT100475",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "HPSBMA02658",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "SSRT100413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "43227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43227"
        },
        {
          "name": "ADV-2011-0389",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0389"
        },
        {
          "name": "MDVSA-2011:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028"
        },
        {
          "name": "FEDORA-2011-1273",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
        },
        {
          "name": "46264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46264"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "HPSBUX02689",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20110208.txt"
        },
        {
          "name": "44269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44269"
        },
        {
          "name": "HPSBOV02670",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "43339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43339"
        },
        {
          "name": "SSRT100494",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
        },
        {
          "name": "ADV-2011-0603",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0603"
        },
        {
          "name": "1025050",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K10534046"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0014",
    "datePublished": "2011-02-18T23:00:00",
    "dateReserved": "2010-12-07T00:00:00",
    "dateUpdated": "2024-08-06T21:36:02.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-5139
Vulnerability from cvelistv5
Published
2014-08-13 23:00
Modified
2024-08-06 11:34
Severity
Summary
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
References
URLTags
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlvendor-advisory, x_refsource_SUSE
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.htmlx_refsource_CONFIRM
http://secunia.com/advisories/60221third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293x_refsource_CONFIRM
http://secunia.com/advisories/61184third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60022third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txtx_refsource_CONFIRM
http://secunia.com/advisories/61017third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21683389x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624619906067&w=2vendor-advisory, x_refsource_HP
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/69077vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/60803third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0x_refsource_CONFIRM
http://secunia.com/advisories/59700third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1030693vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/60917third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2vendor-advisory, x_refsource_HP
http://www.tenable.com/security/tns-2014-06x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/60493third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59710third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60921third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60810third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624679706236&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240x_refsource_CONFIRM
http://secunia.com/advisories/61100third-party-advisory, x_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/61775third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://www.debian.org/security/2014/dsa-2998vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624719706349&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59756third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624719706349&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.ascx_refsource_CONFIRM
http://secunia.com/advisories/61392third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624679706236&w=2vendor-advisory, x_refsource_HP
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/61171third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7ex_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624619906067vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:34:37.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "SSRT101818",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "name": "HPSBMU03259",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "69077",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69077"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "name": "HPSBMU03216",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/security/tns-2014-06"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "60810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60810"
          },
          {
            "name": "HPSBMU03283",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "SSRT101921",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "name": "HPSBMU03262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "61392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61392"
          },
          {
            "name": "SSRT101916",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "61171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e"
          },
          {
            "name": "SSRT101922",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "SSRT101818",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "name": "HPSBMU03259",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "69077",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69077"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "name": "HPSBMU03216",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/security/tns-2014-06"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "60810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60810"
        },
        {
          "name": "HPSBMU03283",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "SSRT101921",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "name": "HPSBMU03262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "61392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61392"
        },
        {
          "name": "SSRT101916",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "61171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e"
        },
        {
          "name": "SSRT101922",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-5139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "SSRT101818",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "HPSBMU03259",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "69077",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69077"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "HPSBMU03216",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www.tenable.com/security/tns-2014-06",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/security/tns-2014-06"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "60810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60810"
            },
            {
              "name": "HPSBMU03283",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "SSRT101921",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "HPSBMU03262",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "61392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61392"
            },
            {
              "name": "SSRT101916",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "61171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61171"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e"
            },
            {
              "name": "SSRT101922",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-5139",
    "datePublished": "2014-08-13T23:00:00",
    "dateReserved": "2014-07-30T00:00:00",
    "dateUpdated": "2024-08-06T11:34:37.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1790
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity
Summary
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlvendor-advisory
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://openssl.org/news/secadv/20150611.txt
http://rhn.redhat.com/errata/RHSA-2015-1115.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://rhn.redhat.com/errata/RHSA-2015-1197.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securitytracker.com/id/1032564vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2639-1vendor-advisory
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://security.gentoo.org/glsa/201506-02vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlvendor-advisory
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa98
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
https://www.openssl.org/news/secadv_20150611.txt
http://www.securityfocus.com/bid/75157vdb-entry
http://marc.info/?l=bugtraq&m=143654156615516&w=2vendor-advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:15.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "name": "SUSE-SU-2015:1183",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "RHSA-2015:1197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
          },
          {
            "name": "FEDORA-2015-10108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "SUSE-SU-2015:1181",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "name": "FEDORA-2015-10047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "name": "75157",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75157"
          },
          {
            "name": "HPSBGN03371",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "name": "SUSE-SU-2015:1183",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "RHSA-2015:1197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
        },
        {
          "name": "FEDORA-2015-10108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "SUSE-SU-2015:1181",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "name": "FEDORA-2015-10047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
        },
        {
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "name": "75157",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75157"
        },
        {
          "name": "HPSBGN03371",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1790",
    "datePublished": "2015-06-12T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:15.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4354
Vulnerability from cvelistv5
Published
2012-01-27 00:00
Modified
2024-08-07 00:01
Severity
Summary
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
References
URLTags
http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zipx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=757909x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2011/12/01/6mailing-list, x_refsource_MLIST
http://eprint.iacr.org/2011/633x_refsource_MISC
http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guestx_refsource_CONFIRM
http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2390vendor-advisory, x_refsource_DEBIAN
http://marc.info/?t=119271238800004x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:51.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757909"
          },
          {
            "name": "[oss-security] 20111201 CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/12/01/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2011/633"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1593\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c\u0026v1=1.14\u0026v2=1.21"
          },
          {
            "name": "DSA-2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2390"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://marc.info/?t=119271238800004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-11-06T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757909"
        },
        {
          "name": "[oss-security] 20111201 CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/12/01/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://eprint.iacr.org/2011/633"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1593\u0026user=guest\u0026pass=guest"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c\u0026v1=1.14\u0026v2=1.21"
        },
        {
          "name": "DSA-2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2390"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://marc.info/?t=119271238800004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4354",
    "datePublished": "2012-01-27T00:00:00",
    "dateReserved": "2011-11-04T00:00:00",
    "dateUpdated": "2024-08-07T00:01:51.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1672
Vulnerability from cvelistv5
Published
2008-05-29 16:00
Modified
2024-08-07 08:32
Severity
Summary
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
References
URLTags
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.htmlx_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/30852third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.htmlvendor-advisory, x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42667vdb-entry, x_refsource_XF
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400x_refsource_MISC
http://secunia.com/advisories/30460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30825third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1680vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/492932/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/usn-620-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/30868third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20080528.txtx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200806-08.xmlvendor-advisory, x_refsource_GENTOO
http://sourceforge.net/project/shownotes.php?release_id=615606x_refsource_CONFIRM
http://secunia.com/advisories/31288third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30405third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/29405vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1020122vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1937/referencesvdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31228third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107vendor-advisory, x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/520586third-party-advisory, x_refsource_CERT-VN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"
          },
          {
            "name": "SSA:2008-210-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.562004"
          },
          {
            "name": "30852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30852"
          },
          {
            "name": "FEDORA-2008-4723",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"
          },
          {
            "name": "openssl-serverkey-dos(42667)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42667"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738400"
          },
          {
            "name": "30460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30460"
          },
          {
            "name": "30825",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30825"
          },
          {
            "name": "ADV-2008-1680",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1680"
          },
          {
            "name": "20080602 rPSA-2008-0181-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492932/100/0/threaded"
          },
          {
            "name": "USN-620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-620-1"
          },
          {
            "name": "30868",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20080528.txt"
          },
          {
            "name": "GLSA-200806-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"
          },
          {
            "name": "31288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31288"
          },
          {
            "name": "30405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30405"
          },
          {
            "name": "29405",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29405"
          },
          {
            "name": "1020122",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020122"
          },
          {
            "name": "ADV-2008-1937",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1937/references"
          },
          {
            "name": "31228",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31228"
          },
          {
            "name": "MDVSA-2008:107",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"
          },
          {
            "name": "VU#520586",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/520586"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"
        },
        {
          "name": "SSA:2008-210-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.562004"
        },
        {
          "name": "30852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30852"
        },
        {
          "name": "FEDORA-2008-4723",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"
        },
        {
          "name": "openssl-serverkey-dos(42667)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42667"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738400"
        },
        {
          "name": "30460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30460"
        },
        {
          "name": "30825",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30825"
        },
        {
          "name": "ADV-2008-1680",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1680"
        },
        {
          "name": "20080602 rPSA-2008-0181-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492932/100/0/threaded"
        },
        {
          "name": "USN-620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-620-1"
        },
        {
          "name": "30868",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20080528.txt"
        },
        {
          "name": "GLSA-200806-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"
        },
        {
          "name": "31288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31288"
        },
        {
          "name": "30405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30405"
        },
        {
          "name": "29405",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29405"
        },
        {
          "name": "1020122",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020122"
        },
        {
          "name": "ADV-2008-1937",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1937/references"
        },
        {
          "name": "31228",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31228"
        },
        {
          "name": "MDVSA-2008:107",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"
        },
        {
          "name": "VU#520586",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/520586"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-1672",
    "datePublished": "2008-05-29T16:00:00",
    "dateReserved": "2008-04-03T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0701
Vulnerability from cvelistv5
Published
2016-02-15 00:00
Modified
2024-08-05 22:30
Severity
Summary
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.htmlvendor-advisory
http://www.securitytracker.com/id/1034849vdb-entry
https://security.gentoo.org/glsa/201601-05vendor-advisory
http://www.securityfocus.com/bid/82233vdb-entry
http://www.securityfocus.com/bid/91787vdb-entry
https://www.kb.cert.org/vuls/id/257823third-party-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2883-1vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
http://www.openssl.org/news/secadv/20160128.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://www.oracle.com/security-alerts/cpuoct2020.html
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-527018d2ff",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
          },
          {
            "name": "1034849",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034849"
          },
          {
            "name": "GLSA-201601-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201601-05"
          },
          {
            "name": "82233",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82233"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "VU#257823",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257823"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "USN-2883-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2883-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv/20160128.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03724en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-527018d2ff",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
        },
        {
          "name": "1034849",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034849"
        },
        {
          "name": "GLSA-201601-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201601-05"
        },
        {
          "name": "82233",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/82233"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "VU#257823",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257823"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "USN-2883-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2883-1"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"
        },
        {
          "url": "http://www.openssl.org/news/secadv/20160128.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
        },
        {
          "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03724en_us"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0701",
    "datePublished": "2016-02-15T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1794
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 04:54
Severity
Summary
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.
References
URLTags
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslvendor-advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.ubuntu.com/usn/USN-2830-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://openssl.org/news/secadv/20151203.txt
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c
http://www.securitytracker.com/id/1034294vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://fortiguard.com/advisory/openssl-advisory-december-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1794",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6305
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity
Summary
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
References
URLTags
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-20
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securitytracker.com/id/1036879vdb-entry
https://security.gentoo.org/glsa/201612-16vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.securityfocus.com/bid/93149vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://github.com/openssl/openssl/issues/1563
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "1036879",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036879"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "name": "93149",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93149"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/issues/1563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "1036879",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036879"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "name": "93149",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93149"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://github.com/openssl/openssl/issues/1563"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6305",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1551
Vulnerability from cvelistv5
Published
2019-12-06 17:20
Modified
2024-09-16 19:40
Severity
Summary
rsaz_512_sqr overflow bug on x86_64
References
URLTags
https://seclists.org/bugtraq/2019/Dec/39mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4594vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Dec/46mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202004-10vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/vendor-advisory, x_refsource_FEDORA
https://usn.ubuntu.com/4376-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2019-09x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20191206.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8fx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20191210-0001/x_refsource_CONFIRM
http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-03x_refsource_CONFIRM
https://usn.ubuntu.com/4504-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-11x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4855vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-10x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.htmlmailing-list, x_refsource_MLIST
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191225 [slackware-security] openssl (SSA:2019-354-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Dec/39"
          },
          {
            "name": "DSA-4594",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4594"
          },
          {
            "name": "20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Dec/46"
          },
          {
            "name": "openSUSE-SU-2020:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
          },
          {
            "name": "GLSA-202004-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202004-10"
          },
          {
            "name": "FEDORA-2020-fcc91a28e8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
          },
          {
            "name": "FEDORA-2020-da2d1ef2d7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
          },
          {
            "name": "FEDORA-2020-d7b29838f6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
          },
          {
            "name": "USN-4376-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20191206.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191210-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-03"
          },
          {
            "name": "USN-4504-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4504-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-11"
          },
          {
            "name": "DSA-4855",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4855"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-10"
          },
          {
            "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-Fuzz and Guido Vranken"
        }
      ],
      "datePublic": "2019-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer overflow bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-17T11:06:09",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "20191225 [slackware-security] openssl (SSA:2019-354-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Dec/39"
        },
        {
          "name": "DSA-4594",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4594"
        },
        {
          "name": "20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Dec/46"
        },
        {
          "name": "openSUSE-SU-2020:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
        },
        {
          "name": "GLSA-202004-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202004-10"
        },
        {
          "name": "FEDORA-2020-fcc91a28e8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
        },
        {
          "name": "FEDORA-2020-da2d1ef2d7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
        },
        {
          "name": "FEDORA-2020-d7b29838f6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
        },
        {
          "name": "USN-4376-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20191206.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191210-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2020-03"
        },
        {
          "name": "USN-4504-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4504-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2020-11"
        },
        {
          "name": "DSA-4855",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4855"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-10"
        },
        {
          "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
        }
      ],
      "title": "rsaz_512_sqr overflow bug on x86_64",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-12-06",
          "ID": "CVE-2019-1551",
          "STATE": "PUBLIC",
          "TITLE": "rsaz_512_sqr overflow bug on x86_64"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "OSS-Fuzz and Guido Vranken"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer overflow bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191225 [slackware-security] openssl (SSA:2019-354-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Dec/39"
            },
            {
              "name": "DSA-4594",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4594"
            },
            {
              "name": "20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Dec/46"
            },
            {
              "name": "openSUSE-SU-2020:0062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
            },
            {
              "name": "GLSA-202004-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202004-10"
            },
            {
              "name": "FEDORA-2020-fcc91a28e8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
            },
            {
              "name": "FEDORA-2020-da2d1ef2d7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
            },
            {
              "name": "FEDORA-2020-d7b29838f6",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
            },
            {
              "name": "USN-4376-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-09",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-09"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20191206.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20191206.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191210-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191210-0001/"
            },
            {
              "name": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2020-03"
            },
            {
              "name": "USN-4504-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4504-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "DSA-4855",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4855"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1551",
    "datePublished": "2019-12-06T17:20:14.842234Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-16T19:40:14.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-5678
Vulnerability from cvelistv5
Published
2023-11-06 15:47
Modified
2024-08-02 08:07
Severity
Summary
Excessive time spent in DH check / generation with large Q parameter value
References
URLTags
https://www.openssl.org/news/secadv/20231106.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0cpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6patch
https://security.netapp.com/advisory/ntap-20231130-0010/
http://www.openwall.com/lists/oss-security/2024/03/11/1
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20231106.txt"
          },
          {
            "name": "1.0.2zj git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
          },
          {
            "name": "1.1.1x git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231130-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "1.0.2zj",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            },
            {
              "lessThan": "1.1.1x",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Richard Levitte"
        }
      ],
      "datePublic": "2023-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\u003cbr\u003eexcessively long X9.42 DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_generate_key() to\u003cbr\u003egenerate an X9.42 DH key may experience long delays.  Likewise, applications\u003cbr\u003ethat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\u003cbr\u003eto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\u003cbr\u003eWhere the key or parameters that are being checked have been obtained from\u003cbr\u003ean untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\u003cbr\u003eDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\u003cbr\u003evulnerable for excessively large P and Q parameters.\u003cbr\u003e\u003cbr\u003eLikewise, while DH_generate_key() performs a check for an excessively large\u003cbr\u003eP, it doesn\u0027t check for an excessively large Q.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_generate_key() or DH_check_pub_key() and\u003cbr\u003esupplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eDH_generate_key() and DH_check_pub_key() are also called by a number of\u003cbr\u003eother OpenSSL functions.  An application calling any of those other\u003cbr\u003efunctions may similarly be affected.  The other functions affected by this\u003cbr\u003eare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey command line application when using the\u003cbr\u003e\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays.  Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn\u0027t check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions.  An application calling any of those other\nfunctions may similarly be affected.  The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "LOW"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive Iteration",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-07T13:51:56.427Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20231106.txt"
        },
        {
          "name": "1.0.2zj git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
        },
        {
          "name": "1.1.1x git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231130-0010/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent in DH check / generation with large Q parameter value",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-5678",
    "datePublished": "2023-11-06T15:47:30.795Z",
    "dateReserved": "2023-10-20T09:38:43.518Z",
    "dateUpdated": "2024-08-02T08:07:32.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0733
Vulnerability from cvelistv5
Published
2018-03-27 00:00
Modified
2024-08-05 03:35
Severity
Summary
Incorrect CRYPTO_memcmp on HP-UX PA-RISC
References
URLTags
https://www.tenable.com/security/tns-2018-07x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://security.gentoo.org/glsa/201811-21vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/103517vdb-entry, x_refsource_BID
https://www.tenable.com/security/tns-2018-06x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180330-0002/x_refsource_CONFIRM
http://www.securitytracker.com/id/1040576vdb-entry, x_refsource_SECTRACK
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2fx_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txtx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "GLSA-201811-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-21"
          },
          {
            "name": "103517",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103517"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
          },
          {
            "name": "1040576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040576"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180327.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Peter Waltenberg (IBM)"
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Message forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-23T22:31:34",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "GLSA-201811-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-21"
        },
        {
          "name": "103517",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103517"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
        },
        {
          "name": "1040576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040576"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180327.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        }
      ],
      "title": "Incorrect CRYPTO_memcmp on HP-UX PA-RISC",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-03-27",
          "ID": "CVE-2018-0733",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect CRYPTO_memcmp on HP-UX PA-RISC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Peter Waltenberg (IBM)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Message forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2018-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-07"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-04"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "GLSA-201811-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-21"
            },
            {
              "name": "103517",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103517"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-06",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-06"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
            },
            {
              "name": "1040576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040576"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180327.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180327.txt"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0733",
    "datePublished": "2018-03-27T00:00:00",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3766
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-08-07 06:38
Severity
Summary
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
URLTags
http://www.openwall.com/lists/oss-security/2009/10/26/1mailing-list, x_refsource_MLIST
http://dev.mutt.org/trac/ticket/3087x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125198917018936&w=2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/ticket/3087"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-11-11T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/trac/ticket/3087"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3766",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
            },
            {
              "name": "http://dev.mutt.org/trac/ticket/3087",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/trac/ticket/3087"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3766",
    "datePublished": "2009-10-23T19:00:00",
    "dateReserved": "2009-10-23T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3567
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 10:50
Severity
Summary
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
References
URLTags
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.ascx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142804214608580&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61130third-party-advisory, x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20141015.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1031052vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/62070third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/70586vdb-entry, x_refsource_BID
http://secunia.com/advisories/61073third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2385-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=142791032306609&w=2vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-201412-39.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-3053vendor-advisory, x_refsource_DEBIAN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143290583027876&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT205217x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142103967620673&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10091x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.splunk.com/view/SP-CAAANSTx_refsource_CONFIRM
http://secunia.com/advisories/61837third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/HT204244x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141477196830952&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61207third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1652.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/62124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59627third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61298third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=143290437727362&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=142834685803386&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/61990third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61959third-party-advisory, x_refsource_SECUNIA
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0416.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624590206005&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0126.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/61058third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=142118135300698&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/62030third-party-advisory, x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/61819third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686997x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1692.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03227",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
          },
          {
            "name": "HPSBHF03300",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2014:1331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "61130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20141015.txt"
          },
          {
            "name": "1031052",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031052"
          },
          {
            "name": "62070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62070"
          },
          {
            "name": "70586",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70586"
          },
          {
            "name": "61073",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61073"
          },
          {
            "name": "USN-2385-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2385-1"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "DSA-3053",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "HPSBMU03223",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
          },
          {
            "name": "SSRT101868",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205217"
          },
          {
            "name": "SSRT101779",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "APPLE-SA-2015-09-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
          },
          {
            "name": "SUSE-SU-2014:1357",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
          },
          {
            "name": "NetBSD-SA2014-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAANST"
          },
          {
            "name": "61837",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/HT204244"
          },
          {
            "name": "SSRT101767",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
          },
          {
            "name": "61207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61207"
          },
          {
            "name": "RHSA-2014:1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
          },
          {
            "name": "62124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62124"
          },
          {
            "name": "59627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59627"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "61298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61298"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "SUSE-SU-2014:1361",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
          },
          {
            "name": "HPSBMU03296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
          },
          {
            "name": "61990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61990"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "name": "RHSA-2015:0126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
          },
          {
            "name": "61058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61058"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "HPSBGN03233",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "MDVSA-2014:203",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
          },
          {
            "name": "SSRT101739",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
          },
          {
            "name": "62030",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62030"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "APPLE-SA-2015-01-27-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
          },
          {
            "name": "61819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          },
          {
            "name": "RHSA-2014:1692",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03227",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
        },
        {
          "name": "HPSBHF03300",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2014:1331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "61130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20141015.txt"
        },
        {
          "name": "1031052",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031052"
        },
        {
          "name": "62070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62070"
        },
        {
          "name": "70586",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70586"
        },
        {
          "name": "61073",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61073"
        },
        {
          "name": "USN-2385-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2385-1"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "DSA-3053",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "HPSBMU03223",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
        },
        {
          "name": "SSRT101868",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205217"
        },
        {
          "name": "SSRT101779",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "APPLE-SA-2015-09-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
        },
        {
          "name": "SUSE-SU-2014:1357",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
        },
        {
          "name": "NetBSD-SA2014-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAANST"
        },
        {
          "name": "61837",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/HT204244"
        },
        {
          "name": "SSRT101767",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
        },
        {
          "name": "61207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61207"
        },
        {
          "name": "RHSA-2014:1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
        },
        {
          "name": "62124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62124"
        },
        {
          "name": "59627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59627"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "61298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61298"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "SUSE-SU-2014:1361",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
        },
        {
          "name": "HPSBMU03296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
        },
        {
          "name": "61990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61990"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "name": "RHSA-2015:0126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
        },
        {
          "name": "61058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61058"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "HPSBGN03233",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "MDVSA-2014:203",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
        },
        {
          "name": "SSRT101739",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
        },
        {
          "name": "62030",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62030"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "APPLE-SA-2015-01-27-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
        },
        {
          "name": "61819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        },
        {
          "name": "RHSA-2014:1692",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03227",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
            },
            {
              "name": "HPSBHF03300",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:1331",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
            },
            {
              "name": "61130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61130"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20141015.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20141015.txt"
            },
            {
              "name": "1031052",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031052"
            },
            {
              "name": "62070",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62070"
            },
            {
              "name": "70586",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70586"
            },
            {
              "name": "61073",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61073"
            },
            {
              "name": "USN-2385-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2385-1"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "DSA-3053",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3053"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "HPSBMU03223",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
            },
            {
              "name": "SSRT101868",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT205217",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205217"
            },
            {
              "name": "SSRT101779",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "APPLE-SA-2015-09-16-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
            },
            {
              "name": "SUSE-SU-2014:1357",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
            },
            {
              "name": "NetBSD-SA2014-015",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAANST",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAANST"
            },
            {
              "name": "61837",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61837"
            },
            {
              "name": "http://support.apple.com/HT204244",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/HT204244"
            },
            {
              "name": "SSRT101767",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
            },
            {
              "name": "61207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61207"
            },
            {
              "name": "RHSA-2014:1652",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
            },
            {
              "name": "62124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62124"
            },
            {
              "name": "59627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59627"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "61298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61298"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "SUSE-SU-2014:1361",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
            },
            {
              "name": "HPSBMU03296",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
            },
            {
              "name": "61990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61990"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0416.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0416.html"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "RHSA-2015:0126",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
            },
            {
              "name": "61058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61058"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "HPSBGN03233",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "MDVSA-2014:203",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
            },
            {
              "name": "SSRT101739",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
            },
            {
              "name": "62030",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62030"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "APPLE-SA-2015-01-27-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
            },
            {
              "name": "61819",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61819"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            },
            {
              "name": "RHSA-2014:1692",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3567",
    "datePublished": "2014-10-19T01:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7043
Vulnerability from cvelistv5
Published
2020-02-27 17:30
Modified
2024-08-04 09:18
Severity
Summary
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
References
URLTags
https://github.com/adrienverge/openfortivpn/issues/536x_refsource_MISC
https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/vendor-advisory, x_refsource_FEDORA
https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/issues/536"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
          },
          {
            "name": "openSUSE-SU-2020:0301",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2020:0305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
          },
          {
            "name": "FEDORA-2020-42eb8821db",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
          },
          {
            "name": "FEDORA-2020-c96ab3c813",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
          },
          {
            "name": "FEDORA-2020-dcdffcc368",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider \u0027\\0\u0027 characters, as demonstrated by a good.example.com\\x00evil.example.com attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T22:05:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/issues/536"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
        },
        {
          "name": "openSUSE-SU-2020:0301",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2020:0305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
        },
        {
          "name": "FEDORA-2020-42eb8821db",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
        },
        {
          "name": "FEDORA-2020-c96ab3c813",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
        },
        {
          "name": "FEDORA-2020-dcdffcc368",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-7043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider \u0027\\0\u0027 characters, as demonstrated by a good.example.com\\x00evil.example.com attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/adrienverge/openfortivpn/issues/536",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/issues/536"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4",
              "refsource": "MISC",
              "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4"
            },
            {
              "name": "openSUSE-SU-2020:0301",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2020:0305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html"
            },
            {
              "name": "FEDORA-2020-42eb8821db",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/"
            },
            {
              "name": "FEDORA-2020-c96ab3c813",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/"
            },
            {
              "name": "FEDORA-2020-dcdffcc368",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/"
            },
            {
              "name": "https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8",
              "refsource": "CONFIRM",
              "url": "https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-7043",
    "datePublished": "2020-02-27T17:30:51",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2108
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
References
URLTags
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
http://www.debian.org/security/2016/dsa-3566vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlvendor-advisory
http://www.securitytracker.com/id/1035721vdb-entry
http://support.citrix.com/article/CTX212736
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.htmlvendor-advisory
https://www.tenable.com/security/tns-2016-18
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2017:0194vendor-advisory
http://source.android.com/security/bulletin/2016-07-01.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
https://access.redhat.com/errata/RHSA-2017:0193vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
https://security.netapp.com/advisory/ntap-20160504-0001/
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2959-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
http://www.securityfocus.com/bid/89752vdb-entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.htmlvendor-advisory
https://access.redhat.com/errata/RHSA-2016:1137vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX212736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "89752",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89752"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "name": "RHSA-2016:1137",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "url": "http://support.citrix.com/article/CTX212736"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "89752",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89752"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "name": "RHSA-2016:1137",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1137"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2108",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6307
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity
Summary
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.
References
URLTags
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-20
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securitytracker.com/id/1036885vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/93152vdb-entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "93152",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93152"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "93152",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93152"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6307",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0076
Vulnerability from cvelistv5
Published
2014-03-25 01:00
Modified
2024-08-06 09:05
Severity
Summary
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
References
URLTags
http://www.novell.com/support/kb/doc.php?id=7015300x_refsource_CONFIRM
http://secunia.com/advisories/59264third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59454third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/66363vdb-entry, x_refsource_BID
http://secunia.com/advisories/58492third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015264x_refsource_CONFIRM
https://bugs.gentoo.org/show_bug.cgi?id=505278x_refsource_CONFIRM
http://secunia.com/advisories/59445third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676655x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676092x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140317760000786&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0165.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/59495third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59374third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676501x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/59438third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140482916501310&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58727third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2165-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
https://bugzilla.novell.com/show_bug.cgi?id=869945x_refsource_CONFIRM
http://secunia.com/advisories/59040third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59175third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59364third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676424x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://eprint.iacr.org/2014/140x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:37.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
          },
          {
            "name": "59264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59264"
          },
          {
            "name": "59454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59454"
          },
          {
            "name": "66363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66363"
          },
          {
            "name": "58492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58492"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278"
          },
          {
            "name": "59445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59445"
          },
          {
            "name": "HPSBUX03046",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBOV03047",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0165.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "name": "openSUSE-SU-2014:0480",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html"
          },
          {
            "name": "59495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "name": "59374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59374"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "SSRT101590",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "name": "HPSBGN03050",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
          },
          {
            "name": "58727",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58727"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "USN-2165-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2165-1"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "name": "MDVSA-2014:067",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:067"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945"
          },
          {
            "name": "59040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59040"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "59175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59175"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "name": "59364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59364"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2014/140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-15T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
        },
        {
          "name": "59264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59264"
        },
        {
          "name": "59454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59454"
        },
        {
          "name": "66363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66363"
        },
        {
          "name": "58492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58492"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278"
        },
        {
          "name": "59445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59445"
        },
        {
          "name": "HPSBUX03046",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBOV03047",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0165.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "name": "openSUSE-SU-2014:0480",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html"
        },
        {
          "name": "59495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "name": "59374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59374"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "SSRT101590",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "name": "HPSBGN03050",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
        },
        {
          "name": "58727",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58727"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "USN-2165-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2165-1"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "name": "MDVSA-2014:067",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:067"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945"
        },
        {
          "name": "59040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59040"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "59175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59175"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "name": "59364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59364"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://eprint.iacr.org/2014/140"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0076",
    "datePublished": "2014-03-25T01:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:37.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1797
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
Severity
Summary
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
References
URLTags
http://www.securityfocus.com/bid/13785vdb-entry, x_refsource_BID
http://cr.yp.to/antiforgery/cachetiming-20050414.pdfx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:06:57.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "13785",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13785"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cr.yp.to/antiforgery/cachetiming-20050414.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:38:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "13785",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13785"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cr.yp.to/antiforgery/cachetiming-20050414.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "13785",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13785"
            },
            {
              "name": "http://cr.yp.to/antiforgery/cachetiming-20050414.pdf",
              "refsource": "MISC",
              "url": "http://cr.yp.to/antiforgery/cachetiming-20050414.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1797",
    "datePublished": "2005-06-01T04:00:00",
    "dateReserved": "2005-06-01T00:00:00",
    "dateUpdated": "2024-08-07T22:06:57.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7056
Vulnerability from cvelistv5
Published
2018-09-10 16:00
Modified
2024-08-06 01:50
Severity
5.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
References
URLTags
https://eprint.iacr.org/2016/1195x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:1801vendor-advisory, x_refsource_REDHAT
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1413vendor-advisory, x_refsource_REDHAT
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sigx_refsource_CONFIRM
http://www.securitytracker.com/id/1037575vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1414vendor-advisory, x_refsource_REDHAT
https://seclists.org/oss-sec/2017/q1/52mailing-list, x_refsource_MLIST
https://www.debian.org/security/2017/dsa-3773vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056x_refsource_CONFIRM
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/95375vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-1415.htmlvendor-advisory, x_refsource_REDHAT
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sigx_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2016-7056x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1802vendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
The OpenSSL Projectopenssl
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:46.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2016/1195"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig"
          },
          {
            "name": "1037575",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037575"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2017/q1/52"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html"
          },
          {
            "name": "95375",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95375"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-7056"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openssl",
          "vendor": "The OpenSSL Project",
          "versions": [
            {
              "status": "affected",
              "version": "openssl 1.0.1u"
            }
          ]
        }
      ],
      "datePublic": "2017-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2016/1195"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig"
        },
        {
          "name": "1037575",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037575"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "name": "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://seclists.org/oss-sec/2017/q1/52"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html"
        },
        {
          "name": "95375",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95375"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-7056"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-7056",
    "datePublished": "2018-09-10T16:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:46.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0401
Vulnerability from cvelistv5
Published
2023-02-08 19:00
Modified
2024-08-02 05:10
Severity
Summary
NULL dereference during PKCS7 data verification
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674patch
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:55.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hubert Kario (Red Hat)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dmitry Belyavsky (Red Hat)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tom\u00e1\u0161 Mr\u00e1z"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A NULL pointer can be dereferenced when signatures are being\u003cbr\u003everified on PKCS7 signed or signedAndEnveloped data. In case the hash\u003cbr\u003ealgorithm used for the signature is known to the OpenSSL library but\u003cbr\u003ethe implementation of the hash algorithm is not available the digest\u003cbr\u003einitialization will fail. There is a missing check for the return\u003cbr\u003evalue from the initialization function which later leads to invalid\u003cbr\u003eusage of the digest API most likely leading to a crash.\u003cbr\u003e\u003cbr\u003eThe unavailability of an algorithm can be caused by using FIPS\u003cbr\u003eenabled configuration of providers or more commonly by not loading\u003cbr\u003ethe legacy provider.\u003cbr\u003e\u003cbr\u003ePKCS7 data is processed by the SMIME library calls and also by the\u003cbr\u003etime stamp (TS) library calls. The TLS implementation in OpenSSL does\u003cbr\u003enot call these functions however third party applications would be\u003cbr\u003eaffected if they call these functions to verify signatures on untrusted\u003cbr\u003edata.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer deference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:45:24.701Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL dereference during PKCS7 data verification",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0401",
    "datePublished": "2023-02-08T19:00:53.435Z",
    "dateReserved": "2023-01-19T14:01:41.081Z",
    "dateUpdated": "2024-08-02T05:10:55.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3470
Vulnerability from cvelistv5
Published
2014-06-05 21:00
Modified
2024-08-06 10:43
Severity
Summary
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
References
URLTags
http://secunia.com/advisories/59342third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59669third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59525third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21675626x_refsource_CONFIRM
http://secunia.com/advisories/59282third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015300x_refsource_CONFIRM
http://secunia.com/advisories/59990third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59264third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59126third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015264x_refsource_CONFIRM
http://secunia.com/advisories/59306third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21678289x_refsource_CONFIRM
http://secunia.com/advisories/59445third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61254third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676655x_refsource_CONFIRM
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=Ex_refsource_CONFIRM
http://secunia.com/advisories/59223third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59895third-party-advisory, x_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=8011cd56e39a433b1837465259a9bd24a38727fbx_refsource_CONFIRM
http://secunia.com/advisories/59449third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
http://secunia.com/advisories/59442third-party-advisory, x_refsource_SECUNIA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140317760000786&w=2vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21676879x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24037761x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828x_refsource_CONFIRM
http://secunia.com/advisories/59441third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140621259019789&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59189third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/58742third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59300third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58667third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201407-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/59191third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59284third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg24037783x_refsource_CONFIRM
http://secunia.com/advisories/59365third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677695x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676529x_refsource_CONFIRM
http://secunia.com/advisories/59483third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/59495third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676889x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58945third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://secunia.com/advisories/59659third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59440third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59655third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58716third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676071x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677836x_refsource_CONFIRM
http://secunia.com/advisories/59437third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59310third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676501x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascx_refsource_CONFIRM
http://www.splunk.com/view/SP-CAAAM2Dx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlvendor-advisory, x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676793x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21676356x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140389274407904&w=2vendor-advisory, x_refsource_HP
http://support.citrix.com/article/CTX140876x_refsource_CONFIRM
http://secunia.com/advisories/59167third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59120third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140499827729550&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58939third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140266410314613&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59514third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslvendor-advisory, x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10075x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419x_refsource_CONFIRM
http://secunia.com/advisories/59438third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676496x_refsource_CONFIRM
http://secunia.com/advisories/58714third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140482916501310&w=2vendor-advisory, x_refsource_HP
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.htmlx_refsource_CONFIRM
http://www.openssl.org/news/secadv_20140605.txtx_refsource_CONFIRM
http://secunia.com/advisories/58615third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list, x_refsource_FULLDISC
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://secunia.com/advisories/59301third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59784third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140904544427729&w=2vendor-advisory, x_refsource_HP
http://www.f-secure.com/en/web/labs_global/fsc-2014-6x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167x_refsource_CONFIRM
http://www.securityfocus.com/bid/67898vdb-entry, x_refsource_BID
http://secunia.com/advisories/59192third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58579third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140389355508263&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59175third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140448122410568&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140431828824371&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/59413third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21675821x_refsource_CONFIRM
http://secunia.com/advisories/59721third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062x_refsource_CONFIRM
http://secunia.com/advisories/58713third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137x_refsource_CONFIRM
http://secunia.com/advisories/59362third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035x_refsource_CONFIRM
http://secunia.com/advisories/59450third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59287third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332x_refsource_CONFIRM
http://secunia.com/advisories/59491third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59364third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59451third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/58977third-party-advisory, x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271x_refsource_CONFIRM
http://secunia.com/advisories/60571third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59459third-party-advisory, x_refsource_SECUNIA
http://www.blackberry.com/btsc/KB36051x_refsource_CONFIRM
http://secunia.com/advisories/59431third-party-advisory, x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755x_refsource_CONFIRM
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527x_refsource_CONFIRM
http://secunia.com/advisories/58337third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59518third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59162third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1103600x_refsource_CONFIRM
http://secunia.com/advisories/59490third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59916third-party-advisory, x_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=Ex_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=140491231331543&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/58797third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676615x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdfx_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59342"
          },
          {
            "name": "59669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59669"
          },
          {
            "name": "59525",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59525"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
          },
          {
            "name": "59282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
          },
          {
            "name": "59990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59990"
          },
          {
            "name": "59264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59264"
          },
          {
            "name": "59126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
          },
          {
            "name": "59306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
          },
          {
            "name": "59445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59445"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "HPSBUX03046",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59340"
          },
          {
            "name": "61254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "59223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59223"
          },
          {
            "name": "59895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59895"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=8011cd56e39a433b1837465259a9bd24a38727fb"
          },
          {
            "name": "59449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "name": "59442",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59442"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "name": "HPSBOV03047",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
          },
          {
            "name": "59441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59441"
          },
          {
            "name": "HPSBMU03074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
          },
          {
            "name": "59189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59189"
          },
          {
            "name": "MDVSA-2014:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
          },
          {
            "name": "58742",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58742"
          },
          {
            "name": "59300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59300"
          },
          {
            "name": "58667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58667"
          },
          {
            "name": "GLSA-201407-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
          },
          {
            "name": "59191",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59191"
          },
          {
            "name": "59284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
          },
          {
            "name": "59365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
          },
          {
            "name": "59483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59483"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "59495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "name": "58945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "59659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59659"
          },
          {
            "name": "59440",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59440"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "59655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59655"
          },
          {
            "name": "58716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58716"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
          },
          {
            "name": "59437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
          },
          {
            "name": "59310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59310"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAM2D"
          },
          {
            "name": "SUSE-SU-2015:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
          },
          {
            "name": "HPSBMU03057",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140876"
          },
          {
            "name": "59167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59167"
          },
          {
            "name": "59120",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
          },
          {
            "name": "HPSBMU03069",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
          },
          {
            "name": "MDVSA-2014:105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
          },
          {
            "name": "59460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59460"
          },
          {
            "name": "58939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58939"
          },
          {
            "name": "SSRT101590",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
          },
          {
            "name": "59514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59514"
          },
          {
            "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
          },
          {
            "name": "58714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58714"
          },
          {
            "name": "HPSBGN03050",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140605.txt"
          },
          {
            "name": "58615",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58615"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "59301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59301"
          },
          {
            "name": "59784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
          },
          {
            "name": "HPSBMU03076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
          },
          {
            "name": "67898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67898"
          },
          {
            "name": "59192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59192"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "58579",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58579"
          },
          {
            "name": "HPSBMU03056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
          },
          {
            "name": "59175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59175"
          },
          {
            "name": "HPSBMU03051",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
          },
          {
            "name": "59666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59666"
          },
          {
            "name": "HPSBMU03055",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
          },
          {
            "name": "59413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
          },
          {
            "name": "59721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
          },
          {
            "name": "58713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
          },
          {
            "name": "59362",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59362"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
          },
          {
            "name": "59450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59450"
          },
          {
            "name": "59287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
          },
          {
            "name": "59491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59491"
          },
          {
            "name": "59364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59364"
          },
          {
            "name": "59451",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59451"
          },
          {
            "name": "58977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
          },
          {
            "name": "60571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60571"
          },
          {
            "name": "59459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59459"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB36051"
          },
          {
            "name": "59431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
          },
          {
            "name": "58337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58337"
          },
          {
            "name": "59518",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59518"
          },
          {
            "name": "59162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59162"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
          },
          {
            "name": "59490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59490"
          },
          {
            "name": "59916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
          },
          {
            "name": "HPSBMU03065",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
          },
          {
            "name": "58797",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58797"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-10T14:06:38",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59342"
        },
        {
          "name": "59669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59669"
        },
        {
          "name": "59525",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59525"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
        },
        {
          "name": "59282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
        },
        {
          "name": "59990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59990"
        },
        {
          "name": "59264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59264"
        },
        {
          "name": "59126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
        },
        {
          "name": "59306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
        },
        {
          "name": "59445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59445"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "HPSBUX03046",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59340"
        },
        {
          "name": "61254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "59223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59223"
        },
        {
          "name": "59895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59895"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=8011cd56e39a433b1837465259a9bd24a38727fb"
        },
        {
          "name": "59449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "name": "59442",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59442"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "name": "HPSBOV03047",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
        },
        {
          "name": "59441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59441"
        },
        {
          "name": "HPSBMU03074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
        },
        {
          "name": "59189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59189"
        },
        {
          "name": "MDVSA-2014:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
        },
        {
          "name": "58742",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58742"
        },
        {
          "name": "59300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59300"
        },
        {
          "name": "58667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58667"
        },
        {
          "name": "GLSA-201407-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
        },
        {
          "name": "59191",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59191"
        },
        {
          "name": "59284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
        },
        {
          "name": "59365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
        },
        {
          "name": "59483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59483"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "59495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "name": "58945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "59659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59659"
        },
        {
          "name": "59440",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59440"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "59655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59655"
        },
        {
          "name": "58716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58716"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
        },
        {
          "name": "59437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
        },
        {
          "name": "59310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59310"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAM2D"
        },
        {
          "name": "SUSE-SU-2015:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
        },
        {
          "name": "HPSBMU03057",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX140876"
        },
        {
          "name": "59167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59167"
        },
        {
          "name": "59120",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
        },
        {
          "name": "HPSBMU03069",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
        },
        {
          "name": "MDVSA-2014:105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
        },
        {
          "name": "59460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59460"
        },
        {
          "name": "58939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58939"
        },
        {
          "name": "SSRT101590",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
        },
        {
          "name": "59514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59514"
        },
        {
          "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
        },
        {
          "name": "58714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58714"
        },
        {
          "name": "HPSBGN03050",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20140605.txt"
        },
        {
          "name": "58615",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58615"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "59301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59301"
        },
        {
          "name": "59784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
        },
        {
          "name": "HPSBMU03076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
        },
        {
          "name": "67898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67898"
        },
        {
          "name": "59192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59192"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "58579",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58579"
        },
        {
          "name": "HPSBMU03056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
        },
        {
          "name": "59175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59175"
        },
        {
          "name": "HPSBMU03051",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
        },
        {
          "name": "59666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59666"
        },
        {
          "name": "HPSBMU03055",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
        },
        {
          "name": "59413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
        },
        {
          "name": "59721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
        },
        {
          "name": "58713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
        },
        {
          "name": "59362",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59362"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
        },
        {
          "name": "59450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59450"
        },
        {
          "name": "59287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
        },
        {
          "name": "59491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59491"
        },
        {
          "name": "59364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59364"
        },
        {
          "name": "59451",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59451"
        },
        {
          "name": "58977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
        },
        {
          "name": "60571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60571"
        },
        {
          "name": "59459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59459"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB36051"
        },
        {
          "name": "59431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
        },
        {
          "name": "58337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58337"
        },
        {
          "name": "59518",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59518"
        },
        {
          "name": "59162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59162"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
        },
        {
          "name": "59490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59490"
        },
        {
          "name": "59916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
        },
        {
          "name": "HPSBMU03065",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
        },
        {
          "name": "58797",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58797"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3470",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59342"
            },
            {
              "name": "59669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59669"
            },
            {
              "name": "59525",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59525"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
            },
            {
              "name": "59282",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59282"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015300",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
            },
            {
              "name": "59990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59990"
            },
            {
              "name": "59264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59264"
            },
            {
              "name": "59126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59126"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015264",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
            },
            {
              "name": "59306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59306"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
            },
            {
              "name": "59445",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59445"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "HPSBUX03046",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "59340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59340"
            },
            {
              "name": "61254",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61254"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "59223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59223"
            },
            {
              "name": "59895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59895"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb"
            },
            {
              "name": "59449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59449"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "59442",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59442"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
            },
            {
              "name": "HPSBOV03047",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
            },
            {
              "name": "59441",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59441"
            },
            {
              "name": "HPSBMU03074",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
            },
            {
              "name": "59189",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59189"
            },
            {
              "name": "MDVSA-2014:106",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
            },
            {
              "name": "58742",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58742"
            },
            {
              "name": "59300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59300"
            },
            {
              "name": "58667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58667"
            },
            {
              "name": "GLSA-201407-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
            },
            {
              "name": "59191",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59191"
            },
            {
              "name": "59284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59284"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
            },
            {
              "name": "59365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59365"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
            },
            {
              "name": "59483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59483"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "59495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59495"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "58945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58945"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "59659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59659"
            },
            {
              "name": "59440",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59440"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "59655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59655"
            },
            {
              "name": "58716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58716"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
            },
            {
              "name": "59437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59437"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
            },
            {
              "name": "59310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59310"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAM2D",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAM2D"
            },
            {
              "name": "SUSE-SU-2015:0743",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676793",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
            },
            {
              "name": "HPSBMU03057",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX140876",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX140876"
            },
            {
              "name": "59167",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59167"
            },
            {
              "name": "59120",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59120"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
            },
            {
              "name": "HPSBMU03069",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
            },
            {
              "name": "MDVSA-2014:105",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
            },
            {
              "name": "59460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59460"
            },
            {
              "name": "58939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58939"
            },
            {
              "name": "SSRT101590",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
            },
            {
              "name": "59514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59514"
            },
            {
              "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
            },
            {
              "name": "58714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58714"
            },
            {
              "name": "HPSBGN03050",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20140605.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20140605.txt"
            },
            {
              "name": "58615",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58615"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "59301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59301"
            },
            {
              "name": "59784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59784"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
            },
            {
              "name": "HPSBMU03076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
            },
            {
              "name": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
            },
            {
              "name": "67898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67898"
            },
            {
              "name": "59192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59192"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "HPSBMU03062",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
            },
            {
              "name": "58579",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58579"
            },
            {
              "name": "HPSBMU03056",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
            },
            {
              "name": "59175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59175"
            },
            {
              "name": "HPSBMU03051",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
            },
            {
              "name": "59666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59666"
            },
            {
              "name": "HPSBMU03055",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
            },
            {
              "name": "59413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59413"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
            },
            {
              "name": "59721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59721"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
            },
            {
              "name": "58713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58713"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
            },
            {
              "name": "59362",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59362"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
            },
            {
              "name": "59450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59450"
            },
            {
              "name": "59287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59287"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
            },
            {
              "name": "59491",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59491"
            },
            {
              "name": "59364",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59364"
            },
            {
              "name": "59451",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59451"
            },
            {
              "name": "58977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58977"
            },
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7015271",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
            },
            {
              "name": "60571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60571"
            },
            {
              "name": "59459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59459"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB36051",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB36051"
            },
            {
              "name": "59431",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59431"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
            },
            {
              "name": "58337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58337"
            },
            {
              "name": "59518",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59518"
            },
            {
              "name": "59162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59162"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
            },
            {
              "name": "59490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59490"
            },
            {
              "name": "59916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59916"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
            },
            {
              "name": "HPSBMU03065",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
            },
            {
              "name": "58797",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58797"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3470",
    "datePublished": "2014-06-05T21:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3449
Vulnerability from cvelistv5
Published
2021-03-25 00:00
Modified
2024-08-03 16:53
Severity
Summary
NULL pointer deref in signature_algorithms processing
References
URLTags
https://www.openssl.org/news/secadv/20210325.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJdvendor-advisory
https://www.debian.org/security/2021/dsa-4875vendor-advisory
http://www.openwall.com/lists/oss-security/2021/03/27/1mailing-list
http://www.openwall.com/lists/oss-security/2021/03/27/2mailing-list
http://www.openwall.com/lists/oss-security/2021/03/28/3mailing-list
http://www.openwall.com/lists/oss-security/2021/03/28/4mailing-list
https://security.gentoo.org/glsa/202103-03vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/vendor-advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-10
https://www.tenable.com/security/tns-2021-09
https://security.netapp.com/advisory/ntap-20210513-0002/
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-05
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://www.oracle.com//security-alerts/cpujul2021.html
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.htmlmailing-list
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://www.oracle.com/security-alerts/cpujul2022.html
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210325.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
          },
          {
            "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
          },
          {
            "name": "DSA-4875",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4875"
          },
          {
            "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
          },
          {
            "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
          },
          {
            "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
          },
          {
            "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
          },
          {
            "name": "GLSA-202103-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202103-03"
          },
          {
            "name": "FEDORA-2021-cbf14ab8f9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
          },
          {
            "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Peter K\u00e4stle (Nokia) and Samuel Sapalski (Nokia)"
        }
      ],
      "datePublic": "2021-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:05:57.096577",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210325.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
        },
        {
          "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
        },
        {
          "name": "DSA-4875",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4875"
        },
        {
          "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
        },
        {
          "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
        },
        {
          "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
        },
        {
          "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
        },
        {
          "name": "GLSA-202103-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202103-03"
        },
        {
          "name": "FEDORA-2021-cbf14ab8f9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-10"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
        },
        {
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-06"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-05"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
        },
        {
          "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "NULL pointer deref in signature_algorithms processing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3449",
    "datePublished": "2021-03-25T00:00:00",
    "dateReserved": "2021-03-17T00:00:00",
    "dateUpdated": "2024-08-03T16:53:17.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3817
Vulnerability from cvelistv5
Published
2023-07-31 15:34
Modified
2024-08-02 07:08
Severity
Summary
Excessive time spent checking DH q parameter value
References
URLTags
https://www.openssl.org/news/secadv/20230731.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7fpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644patch
http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/31/1
https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html
https://security.netapp.com/advisory/ntap-20230818-0014/
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/09/22/11
https://security.netapp.com/advisory/ntap-20231027-0008/
http://www.openwall.com/lists/oss-security/2023/11/06/2
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230731.txt"
          },
          {
            "name": "3.1.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
          },
          {
            "name": "3.0.10 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
          },
          {
            "name": "1.1.1v git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
          },
          {
            "name": "1.0.2zi patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230818-0014/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.10",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1v",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zi",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bernd Edlinger"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2023-07-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. After fixing\u003cbr\u003eCVE-2023-3446 it was discovered that a large q parameter value can also trigger\u003cbr\u003ean overly long computation during some of these checks. A correct q value,\u003cbr\u003eif present, cannot be larger than the modulus p parameter, thus it is\u003cbr\u003eunnecessary to perform these checks if q is larger than p.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \"-check\" option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
            }
          ],
          "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive Iteration",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-31T15:34:13.627Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230731.txt"
        },
        {
          "name": "3.1.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
        },
        {
          "name": "3.0.10 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
        },
        {
          "name": "1.1.1v git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
        },
        {
          "name": "1.0.2zi patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230818-0014/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0008/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent checking DH q parameter value",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-3817",
    "datePublished": "2023-07-31T15:34:13.627Z",
    "dateReserved": "2023-07-21T08:47:25.638Z",
    "dateUpdated": "2024-08-02T07:08:50.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3197
Vulnerability from cvelistv5
Published
2016-02-15 00:00
Modified
2024-08-06 05:39
Severity
Summary
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://www.securitytracker.com/id/1034849vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.openssl.org/news/secadv/20160128.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
https://security.gentoo.org/glsa/201601-05vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
https://www.kb.cert.org/vuls/id/257823third-party-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/82237vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.ascvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "FEDORA-2016-527018d2ff",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "1034849",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034849"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv/20160128.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
          },
          {
            "name": "GLSA-201601-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201601-05"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03724en_us"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "VU#257823",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257823"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "82237",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82237"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "FreeBSD-SA-16:11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "FEDORA-2016-527018d2ff",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "1034849",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034849"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "http://www.openssl.org/news/secadv/20160128.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
        },
        {
          "name": "GLSA-201601-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201601-05"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03724en_us"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "VU#257823",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257823"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "82237",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/82237"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "FreeBSD-SA-16:11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3197",
    "datePublished": "2016-02-15T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6302
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-06 01:29
Severity
Summary
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
References
URLTags
https://www.tenable.com/security/tns-2016-20
https://access.redhat.com/errata/RHSA-2018:2185vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2186vendor-advisory
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/92628vdb-entry
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securitytracker.com/id/1036885vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bto.bluecoat.com/security-advisory/sa132
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascvendor-advisory
https://access.redhat.com/errata/RHSA-2018:2187vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "92628",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92628"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "92628",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92628"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6302",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2107
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
References
URLTags
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
http://www.debian.org/security/2016/dsa-3566vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
http://www.securitytracker.com/id/1035721vdb-entry
http://support.citrix.com/article/CTX212736
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
https://www.tenable.com/security/tns-2016-18
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlvendor-advisory
http://source.android.com/security/bulletin/2016-07-01.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://security.netapp.com/advisory/ntap-20160504-0001/
http://www.securityfocus.com/bid/91787vdb-entry
http://www.securityfocus.com/bid/89760vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2959-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.ascvendor-advisory
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.htmlvendor-advisory
https://www.exploit-db.com/exploits/39768/exploit
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX212736"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "89760",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89760"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "name": "39768",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39768/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "url": "http://support.citrix.com/article/CTX212736"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "89760",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89760"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "name": "39768",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/39768/"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2107",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3730
Vulnerability from cvelistv5
Published
2017-05-04 19:00
Modified
2024-09-16 17:48
Severity
Summary
Bad (EC)DHE parameters cause a client crash
References
URLTags
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://www.exploit-db.com/exploits/41192/exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/95812vdb-entry, x_refsource_BID
https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaax_refsource_MISC
https://www.openssl.org/news/secadv/20170126.txtx_refsource_CONFIRM
http://www.securitytracker.com/id/1037717vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
https://security.gentoo.org/glsa/201702-07vendor-advisory, x_refsource_GENTOO
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_usx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "41192",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41192/"
          },
          {
            "name": "95812",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95812"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
            "name": "1037717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "GLSA-201702-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0c"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "datePublic": "2017-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer deference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:15",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "41192",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41192/"
        },
        {
          "name": "95812",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95812"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        },
        {
          "name": "1037717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "GLSA-201702-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "title": "Bad (EC)DHE parameters cause a client crash",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-01-26",
          "ID": "CVE-2017-3730",
          "STATE": "PUBLIC",
          "TITLE": "Bad (EC)DHE parameters cause a client crash"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          },
                          {
                            "version_value": "openssl-1.1.0c"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Guido Vranken"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL pointer deference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "41192",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41192/"
            },
            {
              "name": "95812",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95812"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20170126.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20170126.txt"
            },
            {
              "name": "1037717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037717"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "GLSA-201702-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-07"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3730",
    "datePublished": "2017-05-04T19:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T17:48:53.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2940
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Severity
Summary
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
References
URLTags
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/22212third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-353-2vendor-advisory, x_refsource_UBUNTU
http://support.attachmate.com/techdocs/2374.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4750vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=enx_refsource_MISC
http://secunia.com/advisories/23915third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1vendor-advisory, x_refsource_SUNALERT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1016943vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23038third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0054vendor-advisory, x_refsource_TRUSTIX
http://www.debian.org/security/2006/dsa-1195vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/23309third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26893third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4401vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/usn-353-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227x_refsource_CONFIRM
http://secunia.com/advisories/22116third-party-advisory, x_refsource_SECUNIA
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22166third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0695.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22385third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_24_sr.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22758third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22487third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_58_openssl.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/22772third-party-advisory, x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://secunia.com/advisories/31531third-party-advisory, x_refsource_SECUNIA
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdfx_refsource_CONFIRM
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://secunia.com/advisories/22165third-party-advisory, x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=304829x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/23794third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/22220third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23680third-party-advisory, x_refsource_SECUNIA
http://openvpn.net/changelog.htmlx_refsource_CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.htmlx_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1633x_refsource_CONFIRM
http://secunia.com/advisories/25889third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4036vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2006/4019vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata.html#openssl2vendor-advisory, x_refsource_OPENBSD
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/30124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22626third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/22083vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/23351third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3869vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22671third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22544third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22298third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22130third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31492third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4329vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22284third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24930third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4327vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200610-11.xmlvendor-advisory, x_refsource_GENTOO
http://issues.rpath.com/browse/RPL-613x_refsource_CONFIRM
http://secunia.com/advisories/26329third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22260third-party-advisory, x_refsource_SECUNIA
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0343vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3860vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23280third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/447318/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4264vdb-entry, x_refsource_VUPEN
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://secunia.com/advisories/22193third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2396vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23155third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22799third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1vendor-advisory, x_refsource_SUNALERT
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2006/4417vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=130497311408250&w=2vendor-advisory, x_refsource_HP
http://www.serv-u.com/releasenotes/x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlx_refsource_CONFIRM
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
http://marc.info/?l=bind-announce&m=116253119512445&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/22094third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22186third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20060928.txtx_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-11.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/2315vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22500third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlthird-party-advisory, x_refsource_CERT
http://www.securityfocus.com/archive/1/489739/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22216third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3820vdb-entry, x_refsource_VUPEN
http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlmailing-list, x_refsource_MLIST
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlvendor-advisory, x_refsource_OPENPKG
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2008/0905/referencesvdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1401vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/20247vdb-entry, x_refsource_BID
http://www.osvdb.org/29261vdb-entry, x_refsource_OSVDB
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlx_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/456546/100/200/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447393/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/3936vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4980vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22240third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22330third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlx_refsource_CONFIRM
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1185vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascvendor-advisory, x_refsource_SGI
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdfx_refsource_CONFIRM
http://secunia.com/advisories/22207third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1017522vdb-entry, x_refsource_SECTRACK
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlvendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2006/3902vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2783vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22259third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22460third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22172third-party-advisory, x_refsource_SECUNIA
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/28276vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1vendor-advisory, x_refsource_SUNALERT
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/24950third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:27.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:172",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
          },
          {
            "name": "22212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "name": "USN-353-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "name": "ADV-2006-4750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "name": "23915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "name": "201534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "name": "HPSBMA02250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "1016943",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "name": "23038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "name": "2006-0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "name": "DSA-1195",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "name": "23309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "name": "26893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "ADV-2006-4401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "name": "USN-353-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "name": "22116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "name": "SSRT071304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
          },
          {
            "name": "GLSA-200612-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "name": "22166",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "name": "RHSA-2006:0695",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "22385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "name": "SUSE-SR:2006:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "name": "22758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "name": "22487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "SUSE-SA:2006:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "name": "22772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "name": "SSRT071299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "31531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf"
          },
          {
            "name": "FreeBSD-SA-06:23.openssl",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
          },
          {
            "name": "22165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "22220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1633"
          },
          {
            "name": "25889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "name": "ADV-2006-4036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "name": "oval:org.mitre.oval:def:10311",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311"
          },
          {
            "name": "ADV-2006-4019",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "22626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "name": "openssl-publickey-dos(29230)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "MDKSA-2006:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
          },
          {
            "name": "23351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "name": "ADV-2006-3869",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "name": "22671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "name": "22544",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "name": "22298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "31492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "name": "ADV-2006-4329",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "name": "22284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "name": "24930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "name": "ADV-2006-4327",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "name": "RHSA-2008:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
          },
          {
            "name": "GLSA-200610-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.rpath.com/browse/RPL-613"
          },
          {
            "name": "26329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "name": "22260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
          },
          {
            "name": "ADV-2007-0343",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "name": "ADV-2006-3860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "name": "23280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "name": "SSRT061213",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
          },
          {
            "name": "ADV-2006-4264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "22193",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "name": "ADV-2008-2396",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "name": "23155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "name": "22799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "name": "200585",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "name": "SSA:2006-272-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "name": "ADV-2006-4417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "name": "HPSBUX02186",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "name": "22094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "name": "22186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "name": "ADV-2007-2315",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "name": "22500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "name": "APPLE-SA-2006-11-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
          },
          {
            "name": "TA06-333A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
          },
          {
            "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "name": "22216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "name": "ADV-2006-3820",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "name": "HPSBUX02174",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "OpenPKG-SA-2006.021",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "102747",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "name": "ADV-2008-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "name": "ADV-2007-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "name": "20247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "name": "29261",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29261"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
          },
          {
            "name": "SSRT061275",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
          },
          {
            "name": "20070110 VMware ESX server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "name": "ADV-2006-3936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "name": "ADV-2006-4980",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "name": "22240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "name": "22330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "HPSBTU02207",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
          },
          {
            "name": "DSA-1185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "name": "20061001-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf"
          },
          {
            "name": "22207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "name": "MDKSA-2006:177",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "name": "ADV-2006-3902",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "name": "ADV-2007-2783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "name": "22259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "name": "22460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "name": "22172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "name": "SSRT061239",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "name": "28276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "name": "102668",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "name": "24950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDKSA-2006:172",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172"
        },
        {
          "name": "22212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22212"
        },
        {
          "name": "USN-353-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-353-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.attachmate.com/techdocs/2374.html"
        },
        {
          "name": "ADV-2006-4750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
        },
        {
          "name": "23915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23915"
        },
        {
          "name": "201534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
        },
        {
          "name": "HPSBMA02250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "1016943",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016943"
        },
        {
          "name": "23038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23038"
        },
        {
          "name": "2006-0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0054"
        },
        {
          "name": "DSA-1195",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1195"
        },
        {
          "name": "23309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23309"
        },
        {
          "name": "26893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26893"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "ADV-2006-4401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4401"
        },
        {
          "name": "USN-353-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-353-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
        },
        {
          "name": "22116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22116"
        },
        {
          "name": "SSRT071304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
        },
        {
          "name": "GLSA-200612-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
        },
        {
          "name": "22166",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22166"
        },
        {
          "name": "RHSA-2006:0695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0695.html"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "22385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22385"
        },
        {
          "name": "SUSE-SR:2006:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
        },
        {
          "name": "22758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22758"
        },
        {
          "name": "22487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22487"
        },
        {
          "name": "SUSE-SA:2006:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
        },
        {
          "name": "22772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22772"
        },
        {
          "name": "SSRT071299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "31531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf"
        },
        {
          "name": "FreeBSD-SA-06:23.openssl",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc"
        },
        {
          "name": "22165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304829"
        },
        {
          "name": "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "22220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22220"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openvpn.net/changelog.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1633"
        },
        {
          "name": "25889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25889"
        },
        {
          "name": "ADV-2006-4036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4036"
        },
        {
          "name": "oval:org.mitre.oval:def:10311",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311"
        },
        {
          "name": "ADV-2006-4019",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4019"
        },
        {
          "name": "[3.9] 20061007 013: SECURITY FIX: October 7, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata.html#openssl2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "name": "22626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22626"
        },
        {
          "name": "openssl-publickey-dos(29230)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "MDKSA-2006:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178"
        },
        {
          "name": "23351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23351"
        },
        {
          "name": "ADV-2006-3869",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3869"
        },
        {
          "name": "22671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22671"
        },
        {
          "name": "22544",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22544"
        },
        {
          "name": "22298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "31492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31492"
        },
        {
          "name": "ADV-2006-4329",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4329"
        },
        {
          "name": "22284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22284"
        },
        {
          "name": "24930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24930"
        },
        {
          "name": "ADV-2006-4327",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4327"
        },
        {
          "name": "RHSA-2008:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
        },
        {
          "name": "GLSA-200610-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.rpath.com/browse/RPL-613"
        },
        {
          "name": "26329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26329"
        },
        {
          "name": "22260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf"
        },
        {
          "name": "ADV-2007-0343",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0343"
        },
        {
          "name": "ADV-2006-3860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3860"
        },
        {
          "name": "23280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23280"
        },
        {
          "name": "20060928 rPSA-2006-0175-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
        },
        {
          "name": "SSRT061213",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm"
        },
        {
          "name": "ADV-2006-4264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "22193",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
        },
        {
          "name": "ADV-2008-2396",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2396"
        },
        {
          "name": "23155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23155"
        },
        {
          "name": "22799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22799"
        },
        {
          "name": "200585",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
        },
        {
          "name": "SSA:2006-272-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
        },
        {
          "name": "ADV-2006-4417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4417"
        },
        {
          "name": "HPSBUX02186",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
        },
        {
          "name": "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
        },
        {
          "name": "22094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22094"
        },
        {
          "name": "22186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20060928.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
        },
        {
          "name": "ADV-2007-2315",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2315"
        },
        {
          "name": "22500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22500"
        },
        {
          "name": "APPLE-SA-2006-11-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
        },
        {
          "name": "TA06-333A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
        },
        {
          "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
        },
        {
          "name": "22216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22216"
        },
        {
          "name": "ADV-2006-3820",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3820"
        },
        {
          "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
        },
        {
          "name": "HPSBUX02174",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "OpenPKG-SA-2006.021",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "102747",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
        },
        {
          "name": "ADV-2008-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0905/references"
        },
        {
          "name": "ADV-2007-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1401"
        },
        {
          "name": "20247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20247"
        },
        {
          "name": "29261",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29261"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
        },
        {
          "name": "SSRT061275",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771"
        },
        {
          "name": "20070110 VMware ESX server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
        },
        {
          "name": "20060929 rPSA-2006-0175-2 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
        },
        {
          "name": "ADV-2006-3936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3936"
        },
        {
          "name": "ADV-2006-4980",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4980"
        },
        {
          "name": "22240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22240"
        },
        {
          "name": "22330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "HPSBTU02207",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
        },
        {
          "name": "DSA-1185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1185"
        },
        {
          "name": "20061001-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf"
        },
        {
          "name": "22207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22207"
        },
        {
          "name": "MDKSA-2006:177",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL Library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
        },
        {
          "name": "ADV-2006-3902",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3902"
        },
        {
          "name": "ADV-2007-2783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2783"
        },
        {
          "name": "22259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22259"
        },
        {
          "name": "22460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22460"
        },
        {
          "name": "22172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
        },
        {
          "name": "SSRT061239",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
        },
        {
          "name": "28276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28276"
        },
        {
          "name": "102668",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in OpenSSL library",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
        },
        {
          "name": "24950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24950"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-2940",
    "datePublished": "2006-09-28T18:00:00",
    "dateReserved": "2006-06-09T00:00:00",
    "dateUpdated": "2024-08-07T18:06:27.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0290
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.
References
URLTags
http://www.securityfocus.com/bid/73226vdb-entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://bugzilla.redhat.com/show_bug.cgi?id=1202345
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "73226",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73226"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202345"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "73226",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73226"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202345"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0290",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0466
Vulnerability from cvelistv5
Published
2023-03-28 14:30
Modified
2024-08-02 05:10
Severity
Summary
Certificate policy check not enabled
References
URLTags
https://www.openssl.org/news/secadv/20230328.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0apatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72patch
https://security.netapp.com/advisory/ntap-20230414-0001/
https://www.debian.org/security/2023/dsa-5417
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
http://www.openwall.com/lists/oss-security/2023/09/28/4
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230328.txt"
          },
          {
            "name": "3.1.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061"
          },
          {
            "name": "3.0.9 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908"
          },
          {
            "name": "1.1.1u git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a"
          },
          {
            "name": "1.0.2zh patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1u",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zh",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2023-03-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.\u003cbr\u003eAs suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function.\u003cbr\u003eInstead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.\u003cbr\u003eCertificate policy checks are disabled by default in OpenSSL and are not commonly used by applications."
            }
          ],
          "value": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "improper certificate validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-28T14:30:49.595Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230328.txt"
        },
        {
          "name": "3.1.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061"
        },
        {
          "name": "3.0.9 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908"
        },
        {
          "name": "1.1.1u git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a"
        },
        {
          "name": "1.0.2zh patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Certificate policy check not enabled",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0466",
    "datePublished": "2023-03-28T14:30:49.595Z",
    "dateReserved": "2023-01-24T13:52:42.631Z",
    "dateUpdated": "2024-08-02T05:10:56.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1343
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 00:03
Severity
Summary
OCSP_basic_verify may incorrectly verify the response signing certificate
References
URLTags
https://www.openssl.org/news/secadv/20220503.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
https://security.netapp.com/advisory/ntap-20220602-0009/
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:05.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Raul Metsma"
        }
      ],
      "datePublic": "2022-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect signature verfication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220503.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
        }
      ],
      "title": "OCSP_basic_verify may incorrectly verify the response signing certificate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-1343",
    "datePublished": "2022-05-03T00:00:00",
    "dateReserved": "2022-04-13T00:00:00",
    "dateUpdated": "2024-08-03T00:03:05.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0727
Vulnerability from cvelistv5
Published
2024-01-26 08:57
Modified
2024-08-01 18:18
Severity
Summary
PKCS12 Decoding crashes
References
URLTags
https://www.openssl.org/news/secadv/20240125.txtvendor-advisory
https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844apatch
https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2cpatch
https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2patch
https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8patch
https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539patch
https://security.netapp.com/advisory/ntap-20240208-0006/
http://www.openwall.com/lists/oss-security/2024/03/11/1
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:17.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240125.txt"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
          },
          {
            "name": "1.1.1x git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
          },
          {
            "name": "1.0.2zj git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240208-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1x",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zj",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bahaa Naamneh (Crosspoint Labs)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2024-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\u003cbr\u003eto crash leading to a potential Denial of Service attack\u003cbr\u003e\u003cbr\u003eImpact summary: Applications loading files in the PKCS12 format from untrusted\u003cbr\u003esources might terminate abruptly.\u003cbr\u003e\u003cbr\u003eA file in PKCS12 format can contain certificates and keys and may come from an\u003cbr\u003euntrusted source. The PKCS12 specification allows certain fields to be NULL, but\u003cbr\u003eOpenSSL does not correctly check for this case. This can lead to a NULL pointer\u003cbr\u003edereference that results in OpenSSL crashing. If an application processes PKCS12\u003cbr\u003efiles from an untrusted source using the OpenSSL APIs then that application will\u003cbr\u003ebe vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\u003cbr\u003ePKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\u003cbr\u003eand PKCS12_newpass().\u003cbr\u003e\u003cbr\u003eWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\u003cbr\u003efunction is related to writing data we do not consider it security significant.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL Pointer Dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-26T08:57:19.579Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240125.txt"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
        },
        {
          "name": "1.1.1x git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
        },
        {
          "name": "1.0.2zj git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240208-0006/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "PKCS12 Decoding crashes",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-0727",
    "datePublished": "2024-01-26T08:57:19.579Z",
    "dateReserved": "2024-01-19T11:01:11.010Z",
    "dateUpdated": "2024-08-01T18:18:17.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2105
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
http://www.securityfocus.com/bid/89757vdb-entry
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.debian.org/security/2016/dsa-3566vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlvendor-advisory
http://www.securitytracker.com/id/1035721vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1648.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
https://source.android.com/security/bulletin/pixel/2017-11-01
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.htmlvendor-advisory
https://www.tenable.com/security/tns-2016-18
http://rhn.redhat.com/errata/RHSA-2016-1649.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
https://security.netapp.com/advisory/ntap-20160504-0001/
http://www.securityfocus.com/bid/91787vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2959-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.ascvendor-advisory
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "89757",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "89757",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89757"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2105",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3711
Vulnerability from cvelistv5
Published
2021-08-24 14:50
Modified
2024-09-16 18:29
Severity
Summary
SM2 Decryption Buffer Overflow
References
URLTags
https://www.openssl.org/news/secadv/20210824.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://www.debian.org/security/2021/dsa-4963vendor-advisory
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3Emailing-list
http://www.openwall.com/lists/oss-security/2021/08/26/2mailing-list
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3Emailing-list
https://security.netapp.com/advisory/ntap-20210827-0010/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.netapp.com/advisory/ntap-20211022-0003/
https://www.tenable.com/security/tns-2022-02
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://security.gentoo.org/glsa/202209-02vendor-advisory
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210824.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
          },
          {
            "name": "DSA-4963",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4963"
          },
          {
            "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
          },
          {
            "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "name": "GLSA-202209-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-02"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "John Ouyang"
        }
      ],
      "datePublic": "2021-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:59.573968",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210824.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
        },
        {
          "name": "DSA-4963",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4963"
        },
        {
          "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
        },
        {
          "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-16"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-02"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "name": "GLSA-202209-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-02"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "SM2 Decryption Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3711",
    "datePublished": "2021-08-24T14:50:13.114745Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T18:29:03.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3358
Vulnerability from cvelistv5
Published
2022-10-11 15:00
Modified
2024-09-16 16:33
Severity
Summary
Using a Custom Cipher with NID_undef may lead to NULL encryption
References
URLTags
https://www.openssl.org/news/secadv/20221011.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
https://security.netapp.com/advisory/ntap-20221028-0014/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
https://security.gentoo.org/glsa/202402-08vendor-advisory
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20221011.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221028-0014/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
          },
          {
            "name": "GLSA-202402-08",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chris Rapier (Pittsburgh Supercomputing Center)"
        }
      ],
      "datePublic": "2022-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL encryption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-04T09:06:42.670169",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20221011.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221028-0014/"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
        },
        {
          "name": "GLSA-202402-08",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "title": "Using a Custom Cipher with NID_undef may lead to NULL encryption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-3358",
    "datePublished": "2022-10-11T15:00:14.123507Z",
    "dateReserved": "2022-09-29T00:00:00",
    "dateUpdated": "2024-09-16T16:33:30.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5077
Vulnerability from cvelistv5
Published
2009-01-07 17:00
Modified
2024-08-07 10:40
Severity
Summary
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
References
URLTags
http://marc.info/?l=bugtraq&m=123859864430555&w=2vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT3549x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/499827/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1vendor-advisory, x_refsource_SUNALERT
http://www.openssl.org/news/secadv_20090107.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0558vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=123859864430555&w=2vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1021523vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/0362vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200902-02.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=124277349419254&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/0289vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35074third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htmx_refsource_CONFIRM
http://secunia.com/advisories/34211third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0040vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=127678688104458&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2009/0904vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0913vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33557third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33765third-party-advisory, x_refsource_SECUNIA
http://www.ocert.org/advisories/ocert-2008-016.htmlx_refsource_MISC
http://secunia.com/advisories/33673third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/502322/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33436third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35108third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlthird-party-advisory, x_refsource_CERT
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653x_refsource_CONFIRM
http://www.securityfocus.com/bid/33150vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2009-0004.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/1297vdb-entry, x_refsource_VUPEN
https://usn.ubuntu.com/704-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/33338third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1338vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=124277349419254&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/33394third-party-advisory, x_refsource_SECUNIA
http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/39005third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155vdb-entry, signature, x_refsource_OVAL
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:16.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090002",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
          },
          {
            "name": "250826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090107.txt"
          },
          {
            "name": "ADV-2009-0558",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0558"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "HPSBUX02418",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2"
          },
          {
            "name": "1021523",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021523"
          },
          {
            "name": "ADV-2009-0362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0362"
          },
          {
            "name": "GLSA-200902-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml"
          },
          {
            "name": "HPSBMA02426",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2"
          },
          {
            "name": "ADV-2009-0289",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0289"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm"
          },
          {
            "name": "34211",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34211"
          },
          {
            "name": "ADV-2009-0040",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0040"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "SSA:2009-014-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.544796"
          },
          {
            "name": "ADV-2009-0904",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0904"
          },
          {
            "name": "ADV-2009-0913",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0913"
          },
          {
            "name": "33557",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33557"
          },
          {
            "name": "33765",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33765"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
          },
          {
            "name": "33673",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33673"
          },
          {
            "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
          },
          {
            "name": "33436",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33436"
          },
          {
            "name": "35108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35108"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=837653"
          },
          {
            "name": "33150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33150"
          },
          {
            "name": "RHSA-2009:0004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0004.html"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "USN-704-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/704-1/"
          },
          {
            "name": "33338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33338"
          },
          {
            "name": "ADV-2009-1338",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1338"
          },
          {
            "name": "SSRT090053",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2"
          },
          {
            "name": "33394",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33394"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6380",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380"
          },
          {
            "name": "39005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39005"
          },
          {
            "name": "oval:org.mitre.oval:def:9155",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090002",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
        },
        {
          "name": "250826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090107.txt"
        },
        {
          "name": "ADV-2009-0558",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0558"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "HPSBUX02418",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2"
        },
        {
          "name": "1021523",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021523"
        },
        {
          "name": "ADV-2009-0362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0362"
        },
        {
          "name": "GLSA-200902-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml"
        },
        {
          "name": "HPSBMA02426",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2"
        },
        {
          "name": "ADV-2009-0289",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0289"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm"
        },
        {
          "name": "34211",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34211"
        },
        {
          "name": "ADV-2009-0040",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0040"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "SSA:2009-014-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.544796"
        },
        {
          "name": "ADV-2009-0904",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0904"
        },
        {
          "name": "ADV-2009-0913",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0913"
        },
        {
          "name": "33557",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33557"
        },
        {
          "name": "33765",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33765"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
        },
        {
          "name": "33673",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33673"
        },
        {
          "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
        },
        {
          "name": "33436",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33436"
        },
        {
          "name": "35108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35108"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=837653"
        },
        {
          "name": "33150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33150"
        },
        {
          "name": "RHSA-2009:0004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0004.html"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "USN-704-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/704-1/"
        },
        {
          "name": "33338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33338"
        },
        {
          "name": "ADV-2009-1338",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1338"
        },
        {
          "name": "SSRT090053",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2"
        },
        {
          "name": "33394",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33394"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6380",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380"
        },
        {
          "name": "39005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39005"
        },
        {
          "name": "oval:org.mitre.oval:def:9155",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-5077",
    "datePublished": "2009-01-07T17:00:00",
    "dateReserved": "2008-11-14T00:00:00",
    "dateUpdated": "2024-08-07T10:40:16.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-2511
Vulnerability from cvelistv5
Published
2024-04-08 13:51
Modified
2024-08-01 19:18
Severity
Summary
Unbounded memory growth with session handling in TLSv1.3
References
URLTags
https://www.openssl.org/news/secadv/20240408.txtvendor-advisory
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08patch
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bcepatch
https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5dpatch
https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640patch
http://www.openwall.com/lists/oss-security/2024/04/08/5
https://security.netapp.com/advisory/ntap-20240503-0013/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T15:14:41.481807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:30:50.015Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:46.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240408.txt"
          },
          {
            "name": "3.2.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08"
          },
          {
            "name": "3.1.6 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce"
          },
          {
            "name": "3.0.14 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d"
          },
          {
            "name": "1.1.1y git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/08/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240503-0013/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.6",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.14",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1y",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Manish Patidar (Hewlett Packard Enterprise)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2024-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Some non-default TLS server configurations can cause unbounded\u003cbr\u003ememory growth when processing TLSv1.3 sessions\u003cbr\u003e\u003cbr\u003eImpact summary: An attacker may exploit certain server configurations to trigger\u003cbr\u003eunbounded memory growth that would lead to a Denial of Service\u003cbr\u003e\u003cbr\u003eThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\u003cbr\u003ebeing used (but not if early_data support is also configured and the default\u003cbr\u003eanti-replay protection is in use). In this case, under certain conditions, the\u003cbr\u003esession cache can get into an incorrect state and it will fail to flush properly\u003cbr\u003eas it fills. The session cache will continue to grow in an unbounded manner. A\u003cbr\u003emalicious client could deliberately create the scenario for this failure to\u003cbr\u003eforce a Denial of Service. It may also happen by accident in normal operation.\u003cbr\u003e\u003cbr\u003eThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\u003cbr\u003eclients.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\u003cbr\u003e1.0.2 is also not affected by this issue."
            }
          ],
          "value": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improperly Controlled Sequential Memory Allocation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-08T13:51:12.349Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240408.txt"
        },
        {
          "name": "3.2.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08"
        },
        {
          "name": "3.1.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce"
        },
        {
          "name": "3.0.14 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d"
        },
        {
          "name": "1.1.1y git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/08/5"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240503-0013/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unbounded memory growth with session handling in TLSv1.3",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-2511",
    "datePublished": "2024-04-08T13:51:12.349Z",
    "dateReserved": "2024-03-15T15:33:52.037Z",
    "dateUpdated": "2024-08-01T19:18:46.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2106
Vulnerability from cvelistv5
Published
2016-05-05 00:00
Modified
2024-08-05 23:17
Severity
Summary
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
References
URLTags
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.htmlvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2073.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.debian.org/security/2016/dsa-3566vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlvendor-advisory
https://security.gentoo.org/glsa/201612-16vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlvendor-advisory
http://www.securitytracker.com/id/1035721vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1648.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslvendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlvendor-advisory
https://source.android.com/security/bulletin/pixel/2017-11-01
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.htmlvendor-advisory
http://www.securityfocus.com/bid/89744vdb-entry
https://www.tenable.com/security/tns-2016-18
http://rhn.redhat.com/errata/RHSA-2016-1649.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
http://rhn.redhat.com/errata/RHSA-2016-0996.htmlvendor-advisory
https://security.netapp.com/advisory/ntap-20160504-0001/
http://www.securityfocus.com/bid/91787vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.ubuntu.com/usn/USN-2959-1vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://rhn.redhat.com/errata/RHSA-2016-0722.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.ascvendor-advisory
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "89744",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89744"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "name": "89744",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89744"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2106",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0291
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.securityfocus.com/bid/73235vdb-entry
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=76343947ada960b6269090638f5391068daee88d
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202338
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "name": "73235",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=76343947ada960b6269090638f5391068daee88d"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "name": "73235",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73235"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=76343947ada960b6269090638f5391068daee88d"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0291",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3712
Vulnerability from cvelistv5
Published
2021-08-24 00:00
Modified
2024-08-03 17:01
Severity
Summary
Read buffer overruns processing ASN.1 strings
References
URLTags
https://www.openssl.org/news/secadv/20210824.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://www.debian.org/security/2021/dsa-4963vendor-advisory
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3Emailing-list
http://www.openwall.com/lists/oss-security/2021/08/26/2mailing-list
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3Emailing-list
https://security.netapp.com/advisory/ntap-20210827-0010/
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.htmlmailing-list
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2022-02
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://security.gentoo.org/glsa/202209-02vendor-advisory
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210824.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
          },
          {
            "name": "DSA-4963",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4963"
          },
          {
            "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
          },
          {
            "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
          },
          {
            "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
          },
          {
            "name": "GLSA-202209-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-02"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ingo Schwarze"
        }
      ],
      "datePublic": "2021-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:21.902973",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210824.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
        },
        {
          "name": "DSA-4963",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4963"
        },
        {
          "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
        },
        {
          "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
        },
        {
          "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-16"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-02"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
        },
        {
          "name": "GLSA-202209-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-02"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Read buffer overruns processing ASN.1 strings"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3712",
    "datePublished": "2021-08-24T00:00:00",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-08-03T17:01:08.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0545
Vulnerability from cvelistv5
Published
2003-10-01 04:00
Modified
2024-08-08 01:58
Severity
Summary
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
References
URLTags
http://www.redhat.com/support/errata/RHSA-2003-292.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2006/3900vdb-entry, x_refsource_VUPEN
http://www-1.ibm.com/support/docview.wss?uid=swg21247112x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/935264third-party-advisory, x_refsource_CERT-VN
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htmx_refsource_MISC
http://www.debian.org/security/2003/dsa-394vendor-advisory, x_refsource_DEBIAN
http://www.cert.org/advisories/CA-2003-26.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/22249third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/8732vdb-entry, x_refsource_BID
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:11.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
          },
          {
            "name": "ADV-2006-3900",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
          },
          {
            "name": "VU#935264",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/935264"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
          },
          {
            "name": "DSA-394",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-394"
          },
          {
            "name": "CA-2003-26",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2003-26.html"
          },
          {
            "name": "22249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22249"
          },
          {
            "name": "oval:org.mitre.oval:def:2590",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
          },
          {
            "name": "8732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
        },
        {
          "name": "ADV-2006-3900",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
        },
        {
          "name": "VU#935264",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/935264"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
        },
        {
          "name": "DSA-394",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-394"
        },
        {
          "name": "CA-2003-26",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2003-26.html"
        },
        {
          "name": "22249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22249"
        },
        {
          "name": "oval:org.mitre.oval:def:2590",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
        },
        {
          "name": "8732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8732"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0545",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:292",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
            },
            {
              "name": "ADV-2006-3900",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3900"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
            },
            {
              "name": "VU#935264",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/935264"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
            },
            {
              "name": "DSA-394",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-394"
            },
            {
              "name": "CA-2003-26",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2003-26.html"
            },
            {
              "name": "22249",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22249"
            },
            {
              "name": "oval:org.mitre.oval:def:2590",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
            },
            {
              "name": "8732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8732"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0545",
    "datePublished": "2003-10-01T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:11.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1473
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-16 18:19
Severity
Summary
Resource leakage when decoding certificates and keys
References
URLTags
https://www.openssl.org/news/secadv/20220503.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://security.netapp.com/advisory/ntap-20220602-0009/
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:06.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Aliaksei Levin"
        }
      ],
      "datePublic": "2022-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220503.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
        }
      ],
      "title": "Resource leakage when decoding certificates and keys"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-1473",
    "datePublished": "2022-05-03T15:15:25.051136Z",
    "dateReserved": "2022-04-26T00:00:00",
    "dateUpdated": "2024-09-16T18:19:16.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0734
Vulnerability from cvelistv5
Published
2018-10-30 00:00
Modified
2024-08-05 03:35
Severity
Summary
Timing attack against DSA
References
URLTags
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://usn.ubuntu.com/3840-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4355vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20181105-0002/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070fx_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-17x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-16x_refsource_CONFIRM
http://www.securityfocus.com/bid/105758vdb-entry, x_refsource_BID
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4348vendor-advisory, x_refsource_DEBIAN
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871acx_refsource_CONFIRM
https://www.openssl.org/news/secadv/20181030.txtx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190118-0002/x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190423-0002/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2304vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3700vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3933vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3935vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3932vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "105758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20181030.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "name": "openSUSE-SU-2019:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "openSUSE-SU-2019:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Samuel Weiser"
        }
      ],
      "datePublic": "2018-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:42",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "105758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20181030.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "name": "openSUSE-SU-2019:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "openSUSE-SU-2019:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "title": "Timing attack against DSA",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-10-30",
          "ID": "CVE-2018-0734",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack against DSA"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Samuel Weiser"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "105758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105758"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20181030.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20181030.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "openSUSE-SU-2019:1547",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "openSUSE-SU-2019:1814",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0734",
    "datePublished": "2018-10-30T00:00:00",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0591
Vulnerability from cvelistv5
Published
2009-03-27 16:00
Modified
2024-08-07 04:40
Severity
Summary
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
References
URLTags
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/0850vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/1175vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/49432vdb-entry, x_refsource_XF
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847x_refsource_CONFIRM
http://secunia.com/advisories/34666third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=124464882609472&w=2vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/1020vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35729third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35380third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127678688104458&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/35065third-party-advisory, x_refsource_SECUNIA
http://www.php.net/archive/2009.php#id2009-04-08-1x_refsource_CONFIRM
http://secunia.com/advisories/34411third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.osvdb.org/52865vdb-entry, x_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlx_refsource_CONFIRM
http://support.apple.com/kb/HT3865x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20090325.txtx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1548vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/36701third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://secunia.com/advisories/34460third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34256vdb-entry, x_refsource_BID
http://securitytracker.com/id?1021907vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090059",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-0850",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "ADV-2009-1175",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "openssl-cmsverify-security-bypass(49432)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "34666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "HPSBUX02435",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-1020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "35380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "34411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "NetBSD-SA2009-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "52865",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/52865"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "ADV-2009-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "34460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "34256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "1021907",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021907"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090059",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-0850",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0850"
        },
        {
          "name": "ADV-2009-1175",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1175"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "openssl-cmsverify-security-bypass(49432)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
        },
        {
          "name": "34666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34666"
        },
        {
          "name": "HPSBUX02435",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-1020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1020"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "35380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35380"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
        },
        {
          "name": "34411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34411"
        },
        {
          "name": "NetBSD-SA2009-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
        },
        {
          "name": "52865",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/52865"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090325.txt"
        },
        {
          "name": "ADV-2009-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1548"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "34460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34460"
        },
        {
          "name": "34256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34256"
        },
        {
          "name": "1021907",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021907"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0591",
    "datePublished": "2009-03-27T16:00:00",
    "dateReserved": "2009-02-13T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0544
Vulnerability from cvelistv5
Published
2003-10-01 04:00
Modified
2024-08-08 01:58
Severity
Summary
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
References
URLTags
http://www.redhat.com/support/errata/RHSA-2003-292.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/380864third-party-advisory, x_refsource_CERT-VN
https://exchange.xforce.ibmcloud.com/vulnerabilities/43041vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/3900vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2003/dsa-393vendor-advisory, x_refsource_DEBIAN
http://www-1.ibm.com/support/docview.wss?uid=swg21247112x_refsource_CONFIRM
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htmx_refsource_MISC
http://www.debian.org/security/2003/dsa-394vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-291.htmlvendor-advisory, x_refsource_REDHAT
http://www.cert.org/advisories/CA-2003-26.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/22249third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/8732vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1vendor-advisory, x_refsource_SUNALERT
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893x_refsource_CONFIRM
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.htmlvendor-advisory, x_refsource_ENGARDE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:10.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
          },
          {
            "name": "oval:org.mitre.oval:def:4574",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
          },
          {
            "name": "VU#380864",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/380864"
          },
          {
            "name": "openssl-asn1-sslclient-dos(43041)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
          },
          {
            "name": "ADV-2006-3900",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3900"
          },
          {
            "name": "DSA-393",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
          },
          {
            "name": "DSA-394",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-394"
          },
          {
            "name": "RHSA-2003:291",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
          },
          {
            "name": "CA-2003-26",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2003-26.html"
          },
          {
            "name": "22249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22249"
          },
          {
            "name": "8732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8732"
          },
          {
            "name": "201029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
          },
          {
            "name": "ESA-20030930-027",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
        },
        {
          "name": "oval:org.mitre.oval:def:4574",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
        },
        {
          "name": "VU#380864",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/380864"
        },
        {
          "name": "openssl-asn1-sslclient-dos(43041)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
        },
        {
          "name": "ADV-2006-3900",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3900"
        },
        {
          "name": "DSA-393",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
        },
        {
          "name": "DSA-394",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-394"
        },
        {
          "name": "RHSA-2003:291",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
        },
        {
          "name": "CA-2003-26",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2003-26.html"
        },
        {
          "name": "22249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22249"
        },
        {
          "name": "8732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8732"
        },
        {
          "name": "201029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
        },
        {
          "name": "ESA-20030930-027",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0544",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:292",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
            },
            {
              "name": "oval:org.mitre.oval:def:4574",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
            },
            {
              "name": "VU#380864",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/380864"
            },
            {
              "name": "openssl-asn1-sslclient-dos(43041)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
            },
            {
              "name": "ADV-2006-3900",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3900"
            },
            {
              "name": "DSA-393",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-393"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
            },
            {
              "name": "DSA-394",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-394"
            },
            {
              "name": "RHSA-2003:291",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
            },
            {
              "name": "CA-2003-26",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2003-26.html"
            },
            {
              "name": "22249",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22249"
            },
            {
              "name": "8732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8732"
            },
            {
              "name": "201029",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
            },
            {
              "name": "ESA-20030930-027",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0544",
    "datePublished": "2003-10-01T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:10.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8275
Vulnerability from cvelistv5
Published
2015-01-09 02:00
Modified
2024-08-06 13:10
Severity
Summary
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
References
URLTags
http://marc.info/?l=bugtraq&m=142895206924048&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisory, x_refsource_CISCO
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory, x_refsource_HP
https://support.apple.com/HT204659x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1033378vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory, x_refsource_SUSE
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811bx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/71935vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory, x_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisory, x_refsource_HP
https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125vendor-advisory, x_refsource_DEBIAN
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3ex_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "name": "FEDORA-2015-0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "71935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71935"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBGN03299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "name": "FEDORA-2015-0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "71935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71935"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "SSRT101987",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-8275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBGN03299",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "FEDORA-2015-0601",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "71935",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71935"
            },
            {
              "name": "RHSA-2015:0800",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-8275",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-10-12T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0433
Vulnerability from cvelistv5
Published
2010-03-05 19:00
Modified
2024-08-07 00:52
Severity
Summary
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
References
URLTags
http://www.vupen.com/english/advisories/2010/0916vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42724third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/39461third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856vdb-entry, signature, x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=569774x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=127557640302499&w=2vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260vdb-entry, signature, x_refsource_OVAL
http://www.openwall.com/lists/oss-security/2010/03/03/5mailing-list, x_refsource_MLIST
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.htmlmailing-list, x_refsource_MLIST
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlmailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=567711x_refsource_CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0839vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19374x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127557640302499&w=2vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/39932third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/changelog.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0933vdb-entry, x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127128920008563&w=2vendor-advisory, x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/43311third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1216vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlvendor-advisory, x_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.ascx_refsource_CONFIRM
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:17.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "name": "oval:org.mitre.oval:def:9856",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=569774"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "HPSBUX02531",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:12260",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260"
          },
          {
            "name": "[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/03/5"
          },
          {
            "name": "[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567711"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19374"
          },
          {
            "name": "SSRT100108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "39932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/changelog.html"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "43311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43311"
          },
          {
            "name": "ADV-2010-1216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "oval:org.mitre.oval:def:6718",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "name": "oval:org.mitre.oval:def:9856",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=569774"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "HPSBUX02531",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:12260",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260"
        },
        {
          "name": "[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/03/5"
        },
        {
          "name": "[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567711"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19374"
        },
        {
          "name": "SSRT100108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "39932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/changelog.html"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "43311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43311"
        },
        {
          "name": "ADV-2010-1216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1216"
        },
        {
          "name": "oval:org.mitre.oval:def:6718",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0433",
    "datePublished": "2010-03-05T19:00:00",
    "dateReserved": "2010-01-27T00:00:00",
    "dateUpdated": "2024-08-07T00:52:17.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0975
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:39
Severity
Summary
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
References
URLTags
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlvendor-advisory, x_refsource_GENTOO
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583vdb-entry, x_refsource_XF
http://www.trustix.org/errata/2004/0050vendor-advisory, x_refsource_TRUSTIX
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2004/dsa-603vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2005-476.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/11293vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/12973third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200411-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
          },
          {
            "name": "script-temporary-file-overwrite(17583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
          },
          {
            "name": "2004-0050",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0050"
          },
          {
            "name": "oval:org.mitre.oval:def:164",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
          },
          {
            "name": "DSA-603",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-603"
          },
          {
            "name": "RHSA-2005:476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
          },
          {
            "name": "11293",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11293"
          },
          {
            "name": "oval:org.mitre.oval:def:10621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
          },
          {
            "name": "12973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12973"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200411-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
        },
        {
          "name": "script-temporary-file-overwrite(17583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
        },
        {
          "name": "2004-0050",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0050"
        },
        {
          "name": "oval:org.mitre.oval:def:164",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
        },
        {
          "name": "DSA-603",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-603"
        },
        {
          "name": "RHSA-2005:476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
        },
        {
          "name": "11293",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11293"
        },
        {
          "name": "oval:org.mitre.oval:def:10621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
        },
        {
          "name": "12973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12973"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200411-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
            },
            {
              "name": "script-temporary-file-overwrite(17583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
            },
            {
              "name": "2004-0050",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0050"
            },
            {
              "name": "oval:org.mitre.oval:def:164",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
            },
            {
              "name": "DSA-603",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-603"
            },
            {
              "name": "RHSA-2005:476",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
            },
            {
              "name": "11293",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11293"
            },
            {
              "name": "oval:org.mitre.oval:def:10621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
            },
            {
              "name": "12973",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12973"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0975",
    "datePublished": "2004-10-20T04:00:00",
    "dateReserved": "2004-10-19T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-5363
Vulnerability from cvelistv5
Published
2023-10-24 15:31
Modified
2024-08-02 07:59
Severity
Summary
Incorrect cipher key & IV length processing
References
URLTags
https://www.openssl.org/news/secadv/20231024.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1eepatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2dpatch
http://www.openwall.com/lists/oss-security/2023/10/24/1
https://www.debian.org/security/2023/dsa-5532
https://security.netapp.com/advisory/ntap-20231027-0010/
https://security.netapp.com/advisory/ntap-20240201-0003/
https://security.netapp.com/advisory/ntap-20240201-0004/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20231024.txt"
          },
          {
            "name": "3.1.4 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
          },
          {
            "name": "3.0.12 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5532"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.12",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.4",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tony Battersby (Cybernetics)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dr Paul Dale"
        }
      ],
      "datePublic": "2023-10-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: A bug has been identified in the processing of key and\u003cbr\u003einitialisation vector (IV) lengths.  This can lead to potential truncation\u003cbr\u003eor overruns during the initialisation of some symmetric ciphers.\u003cbr\u003e\u003cbr\u003eImpact summary: A truncation in the IV can result in non-uniqueness,\u003cbr\u003ewhich could result in loss of confidentiality for some cipher modes.\u003cbr\u003e\u003cbr\u003eWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\u003cbr\u003eEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\u003cbr\u003ethe key and IV have been established.  Any alterations to the key length,\u003cbr\u003evia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\u003cbr\u003ewithin the OSSL_PARAM array will not take effect as intended, potentially\u003cbr\u003ecausing truncation or overreading of these values.  The following ciphers\u003cbr\u003eand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\u003cbr\u003e\u003cbr\u003eFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\u003cbr\u003eloss of confidentiality.  For example, when following NIST\u0027s SP 800-38D\u003cbr\u003esection 8.2.1 guidance for constructing a deterministic IV for AES in\u003cbr\u003eGCM mode, truncation of the counter portion could lead to IV reuse.\u003cbr\u003e\u003cbr\u003eBoth truncations and overruns of the key and overruns of the IV will\u003cbr\u003eproduce incorrect results and could, in some cases, trigger a memory\u003cbr\u003eexception.  However, these issues are not currently assessed as security\u003cbr\u003ecritical.\u003cbr\u003e\u003cbr\u003eChanging the key and/or IV lengths is not considered to be a common operation\u003cbr\u003eand the vulnerable API was recently introduced. Furthermore it is likely that\u003cbr\u003eapplication developers will have spotted this problem during testing since\u003cbr\u003edecryption would fail unless both peers in the communication were similarly\u003cbr\u003evulnerable. For these reasons we expect the probability of an application being\u003cbr\u003evulnerable to this to be quite low. However if an application is vulnerable then\u003cbr\u003ethis issue is considered very serious. For these reasons we have assessed this\u003cbr\u003eissue as Moderate severity overall.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\u003cbr\u003ethe issue lies outside of the FIPS provider boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.1 and 3.0 are vulnerable to this issue."
            }
          ],
          "value": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths.  This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established.  Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values.  The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality.  For example, when following NIST\u0027s SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception.  However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "MODERATE"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "API issues",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T15:51:07.614Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20231024.txt"
        },
        {
          "name": "3.1.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
        },
        {
          "name": "3.0.12 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5532"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0010/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240201-0003/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240201-0004/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect cipher key \u0026 IV length processing",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-5363",
    "datePublished": "2023-10-24T15:31:40.890Z",
    "dateReserved": "2023-10-03T16:19:46.060Z",
    "dateUpdated": "2024-08-02T07:59:44.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-23841
Vulnerability from cvelistv5
Published
2021-02-16 00:00
Modified
2024-08-03 19:14
Severity
Summary
Null pointer deref in X509_issuer_and_serial_hash()
References
URLTags
https://www.openssl.org/news/secadv/20210216.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://www.debian.org/security/2021/dsa-4855vendor-advisory
https://security.gentoo.org/glsa/202103-03vendor-advisory
http://seclists.org/fulldisclosure/2021/May/70mailing-list
http://seclists.org/fulldisclosure/2021/May/68mailing-list
http://seclists.org/fulldisclosure/2021/May/67mailing-list
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-09
https://security.netapp.com/advisory/ntap-20210513-0002/
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.tenable.com/security/tns-2021-03
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212534
https://www.oracle.com//security-alerts/cpujul2021.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-23841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:18:08.118870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T20:18:17.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210216.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
          },
          {
            "name": "DSA-4855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4855"
          },
          {
            "name": "GLSA-202103-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202103-03"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/70"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/68"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212529"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212528"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212534"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tavis Ormandy (Google)"
        }
      ],
      "datePublic": "2021-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:57.206585",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
        },
        {
          "name": "DSA-4855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4855"
        },
        {
          "name": "GLSA-202103-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202103-03"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/70"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/68"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/67"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-03"
        },
        {
          "url": "https://support.apple.com/kb/HT212529"
        },
        {
          "url": "https://support.apple.com/kb/HT212528"
        },
        {
          "url": "https://support.apple.com/kb/HT212534"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Null pointer deref in X509_issuer_and_serial_hash()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-23841",
    "datePublished": "2021-02-16T00:00:00",
    "dateReserved": "2021-01-12T00:00:00",
    "dateUpdated": "2024-08-03T19:14:09.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1787
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:54
Severity
Summary
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.
References
URLTags
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b19d8143212ae5fbc9cebfd51c01f802fabccd33
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://bugzilla.redhat.com/show_bug.cgi?id=1202406
http://www.securityfocus.com/bid/73238vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b19d8143212ae5fbc9cebfd51c01f802fabccd33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202406"
          },
          {
            "name": "73238",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73238"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b19d8143212ae5fbc9cebfd51c01f802fabccd33"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202406"
        },
        {
          "name": "73238",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73238"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1787",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5535
Vulnerability from cvelistv5
Published
2024-06-27 10:30
Modified
2024-08-15 12:04
Severity
Summary
SSL_select_next_proto buffer overread
References
URLTags
https://www.openssl.org/news/secadv/20240627.txtvendor-advisory
https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2cpatch
https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51epatch
https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37patch
https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260cpatch
https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87patch
https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21cpatch
http://www.openwall.com/lists/oss-security/2024/06/27/1
http://www.openwall.com/lists/oss-security/2024/06/28/4
https://security.netapp.com/advisory/ntap-20240712-0005/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.3.2",
                "status": "affected",
                "version": "3.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.2.3",
                "status": "affected",
                "version": "3.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.1.7",
                "status": "affected",
                "version": "3.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.0.15",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.1.1za",
                "status": "affected",
                "version": "1.1.1",
                "versionType": "custom"
              },
              {
                "lessThan": "1.0.2zk",
                "status": "affected",
                "version": "1.0.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-5535",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T13:50:16.969601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T13:50:22.221Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-15T12:04:53.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240627.txt"
          },
          {
            "name": "3.3.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c"
          },
          {
            "name": "3.2.3 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e"
          },
          {
            "name": "3.1.7 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37"
          },
          {
            "name": "3.0.15 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c"
          },
          {
            "name": "1.1.1za git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87"
          },
          {
            "name": "1.0.2zk git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/27/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240712-0005/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/08/15/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.7",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.15",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1za",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zk",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joseph Birr-Pixton"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2024-06-26T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\u003cbr\u003eempty supported client protocols buffer may cause a crash or memory contents to\u003cbr\u003ebe sent to the peer.\u003cbr\u003e\u003cbr\u003eImpact summary: A buffer overread can have a range of potential consequences\u003cbr\u003esuch as unexpected application beahviour or a crash. In particular this issue\u003cbr\u003ecould result in up to 255 bytes of arbitrary private data from memory being sent\u003cbr\u003eto the peer leading to a loss of confidentiality. However, only applications\u003cbr\u003ethat directly call the SSL_select_next_proto function with a 0 length list of\u003cbr\u003esupported client protocols are affected by this issue. This would normally never\u003cbr\u003ebe a valid scenario and is typically not under attacker control but may occur by\u003cbr\u003eaccident in the case of a configuration or programming error in the calling\u003cbr\u003eapplication.\u003cbr\u003e\u003cbr\u003eThe OpenSSL API function SSL_select_next_proto is typically used by TLS\u003cbr\u003eapplications that support ALPN (Application Layer Protocol Negotiation) or NPN\u003cbr\u003e(Next Protocol Negotiation). NPN is older, was never standardised and\u003cbr\u003eis deprecated in favour of ALPN. We believe that ALPN is significantly more\u003cbr\u003ewidely deployed than NPN. The SSL_select_next_proto function accepts a list of\u003cbr\u003eprotocols from the server and a list of protocols from the client and returns\u003cbr\u003ethe first protocol that appears in the server list that also appears in the\u003cbr\u003eclient list. In the case of no overlap between the two lists it returns the\u003cbr\u003efirst item in the client list. In either case it will signal whether an overlap\u003cbr\u003ebetween the two lists was found. In the case where SSL_select_next_proto is\u003cbr\u003ecalled with a zero length client list it fails to notice this condition and\u003cbr\u003ereturns the memory immediately following the client list pointer (and reports\u003cbr\u003ethat there was no overlap in the lists).\u003cbr\u003e\u003cbr\u003eThis function is typically called from a server side application callback for\u003cbr\u003eALPN or a client side application callback for NPN. In the case of ALPN the list\u003cbr\u003eof protocols supplied by the client is guaranteed by libssl to never be zero in\u003cbr\u003elength. The list of server protocols comes from the application and should never\u003cbr\u003enormally be expected to be of zero length. In this case if the\u003cbr\u003eSSL_select_next_proto function has been called as expected (with the list\u003cbr\u003esupplied by the client passed in the client/client_len parameters), then the\u003cbr\u003eapplication will not be vulnerable to this issue. If the application has\u003cbr\u003eaccidentally been configured with a zero length server list, and has\u003cbr\u003eaccidentally passed that zero length server list in the client/client_len\u003cbr\u003eparameters, and has additionally failed to correctly handle a \"no overlap\"\u003cbr\u003eresponse (which would normally result in a handshake failure in ALPN) then it\u003cbr\u003ewill be vulnerable to this problem.\u003cbr\u003e\u003cbr\u003eIn the case of NPN, the protocol permits the client to opportunistically select\u003cbr\u003ea protocol when there is no overlap. OpenSSL returns the first client protocol\u003cbr\u003ein the no overlap case in support of this. The list of client protocols comes\u003cbr\u003efrom the application and should never normally be expected to be of zero length.\u003cbr\u003eHowever if the SSL_select_next_proto function is accidentally called with a\u003cbr\u003eclient_len of 0 then an invalid memory pointer will be returned instead. If the\u003cbr\u003eapplication uses this output as the opportunistic protocol then the loss of\u003cbr\u003econfidentiality will occur.\u003cbr\u003e\u003cbr\u003eThis issue has been assessed as Low severity because applications are most\u003cbr\u003elikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\u003cbr\u003ewidely used. It also requires an application configuration or programming error.\u003cbr\u003eFinally, this issue would not typically be under attacker control making active\u003cbr\u003eexploitation unlikely.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\u003cbr\u003e\u003cbr\u003e\n\nDue to the low severity of this issue we are not issuing new releases of\u003cbr\u003eOpenSSL at this time. The fix will be included in the next releases when they\u003cbr\u003ebecome available."
            }
          ],
          "value": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T10:30:53.118Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240627.txt"
        },
        {
          "name": "3.3.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c"
        },
        {
          "name": "3.2.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e"
        },
        {
          "name": "3.1.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37"
        },
        {
          "name": "3.0.15 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c"
        },
        {
          "name": "1.1.1za git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87"
        },
        {
          "name": "1.0.2zk git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/27/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240712-0005/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SSL_select_next_proto buffer overread",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-5535",
    "datePublished": "2024-06-27T10:30:53.118Z",
    "dateReserved": "2024-05-30T15:34:36.813Z",
    "dateUpdated": "2024-08-15T12:04:53.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1945
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:46
Severity
Summary
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
References
URLTags
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136vendor-advisory, x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2011/dsa-2309vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://hermes.opensuse.org/messages/8760466vendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/536044third-party-advisory, x_refsource_CERT-VN
https://hermes.opensuse.org/messages/8764170vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/44935third-party-advisory, x_refsource_SECUNIA
http://eprint.iacr.org/2011/232.pdfx_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:136"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-8FENZ3"
          },
          {
            "name": "MDVSA-2011:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
          },
          {
            "name": "DSA-2309",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2011:0634",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/8760466"
          },
          {
            "name": "VU#536044",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/536044"
          },
          {
            "name": "SUSE-SU-2011:0636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/8764170"
          },
          {
            "name": "44935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2011/232.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2011:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:136"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MAPG-8FENZ3"
        },
        {
          "name": "MDVSA-2011:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
        },
        {
          "name": "DSA-2309",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2011:0634",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/8760466"
        },
        {
          "name": "VU#536044",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/536044"
        },
        {
          "name": "SUSE-SU-2011:0636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/8764170"
        },
        {
          "name": "44935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://eprint.iacr.org/2011/232.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1945",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6237
Vulnerability from cvelistv5
Published
2024-04-25 06:27
Modified
2024-08-20 14:45
Severity
Summary
Excessive time spent checking invalid RSA public keys
References
URLTags
https://www.openssl.org/news/secadv/20240115.txtvendor-advisory
https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2apatch
https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294patch
https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84dpatch
http://www.openwall.com/lists/oss-security/2024/03/11/1
https://security.netapp.com/advisory/ntap-20240531-0007/
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:18.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240115.txt"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6237",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T14:44:52.382969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T14:45:03.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "OSS-Fuzz"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2024-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Checking excessively long invalid RSA public keys may take\u003cbr\u003ea long time.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the function EVP_PKEY_public_check()\u003cbr\u003eto check RSA public keys may experience long delays. Where the key that\u003cbr\u003eis being checked has been obtained from an untrusted source this may lead\u003cbr\u003eto a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhen function EVP_PKEY_public_check() is called on RSA public keys,\u003cbr\u003ea computation is done to confirm that the RSA modulus, n, is composite.\u003cbr\u003eFor valid RSA keys, n is a product of two or more large primes and this\u003cbr\u003ecomputation completes quickly. However, if n is an overly large prime,\u003cbr\u003ethen this computation would take a long time.\u003cbr\u003e\u003cbr\u003eAn application that calls EVP_PKEY_public_check() and supplies an RSA key\u003cbr\u003eobtained from an untrusted source could be vulnerable to a Denial of Service\u003cbr\u003eattack.\u003cbr\u003e\u003cbr\u003eThe function EVP_PKEY_public_check() is not called from other OpenSSL\u003cbr\u003efunctions however it is called from the OpenSSL pkey command line\u003cbr\u003eapplication. For that reason that application is also vulnerable if used\u003cbr\u003ewith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
            }
          ],
          "value": "Issue summary: Checking excessively long invalid RSA public keys may take\na long time.\n\nImpact summary: Applications that use the function EVP_PKEY_public_check()\nto check RSA public keys may experience long delays. Where the key that\nis being checked has been obtained from an untrusted source this may lead\nto a Denial of Service.\n\nWhen function EVP_PKEY_public_check() is called on RSA public keys,\na computation is done to confirm that the RSA modulus, n, is composite.\nFor valid RSA keys, n is a product of two or more large primes and this\ncomputation completes quickly. However, if n is an overly large prime,\nthen this computation would take a long time.\n\nAn application that calls EVP_PKEY_public_check() and supplies an RSA key\nobtained from an untrusted source could be vulnerable to a Denial of Service\nattack.\n\nThe function EVP_PKEY_public_check() is not called from other OpenSSL\nfunctions however it is called from the OpenSSL pkey command line\napplication. For that reason that application is also vulnerable if used\nwith the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive Iteration",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-25T06:27:26.990Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240115.txt"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0007/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent checking invalid RSA public keys",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-6237",
    "datePublished": "2024-04-25T06:27:26.990Z",
    "dateReserved": "2023-11-21T10:16:34.346Z",
    "dateUpdated": "2024-08-20T14:45:03.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-7270
Vulnerability from cvelistv5
Published
2010-12-06 22:00
Modified
2024-08-07 12:03
Severity
Summary
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
References
URLTags
http://cvs.openssl.org/chngview?cn=17489x_refsource_CONFIRM
http://secunia.com/advisories/42493third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
http://ubuntu.com/usn/usn-1029-1vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
https://bugzilla.redhat.com/show_bug.cgi?id=659462x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/522176vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/45254vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2010-0977.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-0978.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=132077688910227&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:36.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=17489"
          },
          {
            "name": "42493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42493"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "USN-1029-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1029-1"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "45254",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45254"
          },
          {
            "name": "RHSA-2010:0977",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
          },
          {
            "name": "RHSA-2010:0978",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-10T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=17489"
        },
        {
          "name": "42493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42493"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "USN-1029-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1029-1"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "45254",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45254"
        },
        {
          "name": "RHSA-2010:0977",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
        },
        {
          "name": "RHSA-2010:0978",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cvs.openssl.org/chngview?cn=17489",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=17489"
            },
            {
              "name": "42493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42493"
            },
            {
              "name": "SSRT100817",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/522176"
            },
            {
              "name": "USN-1029-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1029-1"
            },
            {
              "name": "HPSBHF02706",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659462",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
            },
            {
              "name": "HPSBMU02759",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/522176"
            },
            {
              "name": "45254",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45254"
            },
            {
              "name": "RHSA-2010:0977",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
            },
            {
              "name": "RHSA-2010:0978",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html"
            },
            {
              "name": "RHSA-2011:0896",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
            },
            {
              "name": "SSRT100613",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7270",
    "datePublished": "2010-12-06T22:00:00",
    "dateReserved": "2010-12-06T00:00:00",
    "dateUpdated": "2024-08-07T12:03:36.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2110
Vulnerability from cvelistv5
Published
2012-04-19 17:00
Modified
2024-08-06 19:26
Severity
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlvendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/48899third-party-advisory, x_refsource_SECUNIA
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlmailing-list, x_refsource_FULLDISC
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlvendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22434x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlvendor-advisory, x_refsource_REDHAT
http://www.exploit-db.com/exploits/18756exploit, x_refsource_EXPLOIT-DB
http://rhn.redhat.com/errata/RHSA-2012-0518.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2012/dsa-2454vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5784x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.ubuntu.com/usn/USN-1424-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/48895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48847third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=22439x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-0522.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.htmlvendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53158vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.htmlvendor-advisory, x_refsource_FEDORA
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/48942third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20120419.txtx_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22431x_refsource_CONFIRM
http://www.securitytracker.com/id?1026957vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/48999third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133951357207000&w=2vendor-advisory, x_refsource_HP
http://osvdb.org/81223vdb-entry, x_refsource_OSVDB
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.htmlvendor-advisory, x_refsource_FEDORA
https://kb.juniper.net/KB27376x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133728068926468&w=2vendor-advisory, x_refsource_HP
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:07.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2012:0623",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
          },
          {
            "name": "SUSE-SU-2012:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "SSRT101210",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "48899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48899"
          },
          {
            "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22434"
          },
          {
            "name": "MDVSA-2012:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "18756",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18756"
          },
          {
            "name": "RHSA-2012:0518",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "USN-1424-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1424-1"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22439"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "SUSE-SU-2012:0637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
          },
          {
            "name": "RHSA-2012:0522",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
          },
          {
            "name": "FEDORA-2012-6343",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "53158",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53158"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "FEDORA-2012-6395",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "48942",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120419.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22431"
          },
          {
            "name": "1026957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026957"
          },
          {
            "name": "48999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48999"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "81223",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81223"
          },
          {
            "name": "HPSBMU02900",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
          },
          {
            "name": "FEDORA-2012-6403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/KB27376"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2012:0623",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
        },
        {
          "name": "SUSE-SU-2012:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "SSRT101210",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "48899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48899"
        },
        {
          "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22434"
        },
        {
          "name": "MDVSA-2012:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "name": "18756",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18756"
        },
        {
          "name": "RHSA-2012:0518",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "USN-1424-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1424-1"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "48847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22439"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "SUSE-SU-2012:0637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
        },
        {
          "name": "RHSA-2012:0522",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
        },
        {
          "name": "FEDORA-2012-6343",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "53158",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53158"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "FEDORA-2012-6395",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "48942",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120419.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22431"
        },
        {
          "name": "1026957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026957"
        },
        {
          "name": "48999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48999"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "81223",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81223"
        },
        {
          "name": "HPSBMU02900",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
        },
        {
          "name": "FEDORA-2012-6403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/KB27376"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2110",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2012:0623",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
            },
            {
              "name": "SUSE-SU-2012:1149",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "SSRT101210",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "48899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48899"
            },
            {
              "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22434",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22434"
            },
            {
              "name": "MDVSA-2012:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "18756",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18756"
            },
            {
              "name": "RHSA-2012:0518",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "USN-1424-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1424-1"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "48847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48847"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22439",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22439"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "SUSE-SU-2012:0637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
            },
            {
              "name": "RHSA-2012:0522",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
            },
            {
              "name": "FEDORA-2012-6343",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "53158",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53158"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "FEDORA-2012-6395",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
            },
            {
              "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
              "refsource": "CONFIRM",
              "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "48942",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48942"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120419.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120419.txt"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22431",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22431"
            },
            {
              "name": "1026957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026957"
            },
            {
              "name": "48999",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48999"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "81223",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81223"
            },
            {
              "name": "HPSBMU02900",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
            },
            {
              "name": "FEDORA-2012-6403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
            },
            {
              "name": "https://kb.juniper.net/KB27376",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/KB27376"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2110",
    "datePublished": "2012-04-19T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:07.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4044
Vulnerability from cvelistv5
Published
2021-12-14 00:00
Modified
2024-08-03 17:16
Severity
Summary
Invalid handling of X509_verify_cert() internal errors in libssl
References
URLTags
https://www.openssl.org/news/secadv/20211214.txtx_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211229-0003/x_refsource_CONFIRM
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:03.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20211214.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tobias Nie\u00dfen"
        }
      ],
      "datePublic": "2021-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Invalid error handling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-29T20:06:26",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20211214.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
        }
      ],
      "title": "Invalid handling of X509_verify_cert() internal errors in libssl",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2021-12-14",
          "ID": "CVE-2021-4044",
          "STATE": "PUBLIC",
          "TITLE": "Invalid handling of X509_verify_cert() internal errors in libssl"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tobias Nie\u00dfen"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Invalid error handling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv/20211214.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20211214.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211229-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-4044",
    "datePublished": "2021-12-14T00:00:00",
    "dateReserved": "2021-12-02T00:00:00",
    "dateUpdated": "2024-08-03T17:16:03.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4304
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:34
Severity
Summary
Timing Oracle in RSA Decryption
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:34:50.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1t",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zg",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hubert Kario from RedHat"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dmitry Belyavsky from RedHat"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": " Hubert Kario from RedHat"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\u003cbr\u003ewhich could be sufficient to recover a plaintext across a network in a\u003cbr\u003eBleichenbacher style attack. To achieve a successful decryption an attacker\u003cbr\u003ewould have to be able to send a very large number of trial messages for\u003cbr\u003edecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\u003cbr\u003eRSA-OEAP and RSASVE.\u003cbr\u003e\u003cbr\u003eFor example, in a TLS connection, RSA is commonly used by a client to send an\u003cbr\u003eencrypted pre-master secret to the server. An attacker that had observed a\u003cbr\u003egenuine connection between a client and a server could use this flaw to send\u003cbr\u003etrial messages to the server and record the time taken to process them. After a\u003cbr\u003esufficiently large number of messages the attacker could recover the pre-master\u003cbr\u003esecret used for the original connection and thus be able to decrypt the\u003cbr\u003eapplication data sent over that connection.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "MODERATE"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "timing based side channel attack",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-08T19:04:28.890Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Timing Oracle in RSA Decryption",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-4304",
    "datePublished": "2023-02-08T19:04:28.890Z",
    "dateReserved": "2022-12-06T10:38:40.463Z",
    "dateUpdated": "2024-08-03T01:34:50.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2946
Vulnerability from cvelistv5
Published
2005-09-16 04:00
Modified
2024-08-07 22:53
Severity
Summary
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
References
URLTags
https://bugzilla.ubuntu.com/show_bug.cgi?id=13593x_refsource_MISC
http://www.ubuntu.com/usn/usn-179-1vendor-advisory, x_refsource_UBUNTU
http://www.cits.rub.de/MD5Collisions/x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:29.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=13593"
          },
          {
            "name": "USN-179-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-179-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cits.rub.de/MD5Collisions/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-07T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=13593"
        },
        {
          "name": "USN-179-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-179-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cits.rub.de/MD5Collisions/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=13593",
              "refsource": "MISC",
              "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=13593"
            },
            {
              "name": "USN-179-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-179-1"
            },
            {
              "name": "http://www.cits.rub.de/MD5Collisions/",
              "refsource": "MISC",
              "url": "http://www.cits.rub.de/MD5Collisions/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2946",
    "datePublished": "2005-09-16T04:00:00",
    "dateReserved": "2005-09-16T00:00:00",
    "dateUpdated": "2024-08-07T22:53:29.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0160
Vulnerability from cvelistv5
Published
2014-04-07 00:00
Modified
2024-08-06 09:05
Severity
Summary
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
URLTags
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
http://www.securitytracker.com/id/1030077vdb-entry
http://seclists.org/fulldisclosure/2014/Apr/90mailing-list
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.debian.org/security/2014/dsa-2896vendor-advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2vendor-advisory
http://www.kb.cert.org/vuls/id/720951third-party-advisory
http://www.splunk.com/view/SP-CAAAMB3
http://marc.info/?l=bugtraq&m=139905295427946&w=2vendor-advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://marc.info/?l=bugtraq&m=139833395230364&w=2vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory
http://seclists.org/fulldisclosure/2014/Apr/109mailing-list
http://marc.info/?l=bugtraq&m=140724451518351&w=2vendor-advisory
http://www.securitytracker.com/id/1030080vdb-entry
http://secunia.com/advisories/57836third-party-advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://marc.info/?l=bugtraq&m=139808058921905&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2vendor-advisory
http://www.securityfocus.com/bid/66690vdb-entry
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
https://filezilla-project.org/versions.php?type=server
http://marc.info/?l=bugtraq&m=139843768401936&w=2vendor-advisory
http://secunia.com/advisories/57483third-party-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleedvendor-advisory
http://www.kerio.com/support/kerio-control/release-history
http://advisories.mageia.org/MGASA-2014-0165.html
http://www.blackberry.com/btsc/KB35882
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2vendor-advisory
http://www.securitytracker.com/id/1030081vdb-entry
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.htmlvendor-advisory
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.htmlvendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://marc.info/?l=bugtraq&m=139824993005633&w=2vendor-advisory
http://www.securitytracker.com/id/1030079vdb-entry
http://rhn.redhat.com/errata/RHSA-2014-0377.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2vendor-advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://marc.info/?l=bugtraq&m=139765756720506&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2vendor-advisory
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://heartbleed.com/
http://marc.info/?l=bugtraq&m=139817782017443&w=2vendor-advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://marc.info/?l=bugtraq&m=140015787404650&w=2vendor-advisory
http://cogentdatahub.com/ReleaseNotes.html
http://marc.info/?l=bugtraq&m=139869720529462&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2vendor-advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://www.us-cert.gov/ncas/alerts/TA14-098Athird-party-advisory
http://secunia.com/advisories/57347third-party-advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.htmlmailing-list
http://seclists.org/fulldisclosure/2014/Apr/173mailing-list
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetokenvendor-advisory
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list
http://marc.info/?l=bugtraq&m=139905653828999&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2165-1vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.htmlvendor-advisory
http://www.exploit-db.com/exploits/32764exploit
http://marc.info/?l=bugtraq&m=139757726426985&w=2vendor-advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://marc.info/?l=bugtraq&m=139869891830365&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory
http://seclists.org/fulldisclosure/2014/Apr/91mailing-list
http://www.securitytracker.com/id/1030078vdb-entry
http://secunia.com/advisories/59243third-party-advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://marc.info/?l=bugtraq&m=139836085512508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2vendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html
http://secunia.com/advisories/57721third-party-advisory
http://secunia.com/advisories/57968third-party-advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2vendor-advisory
http://www.securitytracker.com/id/1030082vdb-entry
http://marc.info/?l=bugtraq&m=139757819327350&w=2vendor-advisory
http://www.exploit-db.com/exploits/32745exploit
http://seclists.org/fulldisclosure/2014/Apr/190mailing-list
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://marc.info/?l=bugtraq&m=139817727317190&w=2vendor-advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.openssl.org/news/secadv_20140407.txt
https://gist.github.com/chapmajs/10473815
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://www.securitytracker.com/id/1030074vdb-entry
http://support.citrix.com/article/CTX140605
http://secunia.com/advisories/59139third-party-advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://secunia.com/advisories/57966third-party-advisory
http://www.securitytracker.com/id/1030026vdb-entry
http://secunia.com/advisories/59347third-party-advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3Emailing-list
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3Emailing-list
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Emailing-list
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3Emailing-list
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
          },
          {
            "name": "1030077",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030077"
          },
          {
            "name": "20140408 heartbleed OpenSSL bug CVE-2014-0160",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/90"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
          },
          {
            "name": "DSA-2896",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2896"
          },
          {
            "name": "HPSBGN03008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
          },
          {
            "name": "HPSBMU03024",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
          },
          {
            "name": "RHSA-2014:0396",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0396.html"
          },
          {
            "name": "HPSBHF03021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
          },
          {
            "name": "HPSBHF03136",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
          },
          {
            "name": "VU#720951",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/720951"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAMB3"
          },
          {
            "name": "HPSBMU03033",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
          },
          {
            "name": "HPSBGN03011",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "openSUSE-SU-2014:0492",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/109"
          },
          {
            "name": "HPSBMU03037",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
          },
          {
            "name": "1030080",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030080"
          },
          {
            "name": "57836",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "name": "HPSBMU03012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
          },
          {
            "name": "HPSBST03001",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
          },
          {
            "name": "66690",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://filezilla-project.org/versions.php?type=server"
          },
          {
            "name": "HPSBMU03023",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
          },
          {
            "name": "57483",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57483"
          },
          {
            "name": "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kerio.com/support/kerio-control/release-history"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0165.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB35882"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "HPSBMU03044",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
          },
          {
            "name": "HPSBMU03030",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
          },
          {
            "name": "1030081",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030081"
          },
          {
            "name": "FEDORA-2014-4879",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "FEDORA-2014-4910",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "HPSBMU03013",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
          },
          {
            "name": "1030079",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030079"
          },
          {
            "name": "RHSA-2014:0377",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0377.html"
          },
          {
            "name": "HPSBMU02995",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
          },
          {
            "name": "HPSBPI03031",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
          },
          {
            "name": "HPSBMU02999",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
          },
          {
            "name": "HPSBGN03010",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
          },
          {
            "name": "HPSBMU03029",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://heartbleed.com/"
          },
          {
            "name": "HPSBMU03018",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01"
          },
          {
            "name": "HPSBMU03040",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://cogentdatahub.com/ReleaseNotes.html"
          },
          {
            "name": "HPSBMU03025",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
          },
          {
            "name": "HPSBST03016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
          },
          {
            "name": "HPSBMU03028",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
          },
          {
            "name": "HPSBMU03009",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
          },
          {
            "name": "TA14-098A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-098A"
          },
          {
            "name": "57347",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57347"
          },
          {
            "name": "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html"
          },
          {
            "name": "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
          },
          {
            "name": "HPSBST03000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay\u0026spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result\u0026javax.portlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vignette.cachetoken"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "HPSBST03004",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
          },
          {
            "name": "USN-2165-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2165-1"
          },
          {
            "name": "RHSA-2014:0378",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0378.html"
          },
          {
            "name": "HPSBMU02997",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
          },
          {
            "name": "SUSE-SA:2014:002",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
          },
          {
            "name": "32764",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/32764"
          },
          {
            "name": "HPSBMU02994",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
          },
          {
            "name": "HPSBMU03022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
          },
          {
            "name": "HPSBST03027",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
          },
          {
            "name": "HPSBMU03019",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
          },
          {
            "name": "HPSBMU03062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "name": "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/91"
          },
          {
            "name": "1030078",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030078"
          },
          {
            "name": "59243",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59243"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661"
          },
          {
            "name": "HPSBMU03020",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
          },
          {
            "name": "HPSBST03015",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
          },
          {
            "name": "RHSA-2014:0376",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0376.html"
          },
          {
            "name": "HPSBPI03014",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
          },
          {
            "name": "57721",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57721"
          },
          {
            "name": "57968",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3"
          },
          {
            "name": "openSUSE-SU-2014:0560",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
          },
          {
            "name": "HPSBMU03032",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
          },
          {
            "name": "1030082",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030082"
          },
          {
            "name": "HPSBMU02998",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
          },
          {
            "name": "32745",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/32745"
          },
          {
            "name": "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/190"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "name": "HPSBMU03017",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20140407.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/chapmajs/10473815"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1"
          },
          {
            "name": "1030074",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030074"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX140605"
          },
          {
            "name": "59139",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59139"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "name": "57966",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57966"
          },
          {
            "name": "1030026",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030026"
          },
          {
            "name": "59347",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59347"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-15T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
        },
        {
          "name": "1030077",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030077"
        },
        {
          "name": "20140408 heartbleed OpenSSL bug CVE-2014-0160",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/90"
        },
        {
          "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
        },
        {
          "name": "DSA-2896",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2896"
        },
        {
          "name": "HPSBGN03008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
        },
        {
          "name": "HPSBMU03024",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
        },
        {
          "name": "RHSA-2014:0396",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0396.html"
        },
        {
          "name": "HPSBHF03021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
        },
        {
          "name": "HPSBHF03136",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
        },
        {
          "name": "VU#720951",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/720951"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAMB3"
        },
        {
          "name": "HPSBMU03033",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
        },
        {
          "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
        },
        {
          "url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
        },
        {
          "name": "HPSBGN03011",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
        },
        {
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "openSUSE-SU-2014:0492",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/109"
        },
        {
          "name": "HPSBMU03037",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
        },
        {
          "name": "1030080",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030080"
        },
        {
          "name": "57836",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57836"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "name": "HPSBMU03012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
        },
        {
          "name": "HPSBST03001",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
        },
        {
          "name": "66690",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/66690"
        },
        {
          "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
        },
        {
          "url": "https://filezilla-project.org/versions.php?type=server"
        },
        {
          "name": "HPSBMU03023",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
        },
        {
          "name": "57483",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57483"
        },
        {
          "name": "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed"
        },
        {
          "url": "http://www.kerio.com/support/kerio-control/release-history"
        },
        {
          "url": "http://advisories.mageia.org/MGASA-2014-0165.html"
        },
        {
          "url": "http://www.blackberry.com/btsc/KB35882"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "HPSBMU03044",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
        },
        {
          "name": "HPSBMU03030",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
        },
        {
          "name": "1030081",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030081"
        },
        {
          "name": "FEDORA-2014-4879",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "FEDORA-2014-4910",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "HPSBMU03013",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
        },
        {
          "name": "1030079",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030079"
        },
        {
          "name": "RHSA-2014:0377",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0377.html"
        },
        {
          "name": "HPSBMU02995",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
        },
        {
          "name": "HPSBPI03031",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
        },
        {
          "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
        },
        {
          "name": "HPSBMU02999",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
        },
        {
          "name": "HPSBGN03010",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
        },
        {
          "name": "HPSBMU03029",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
        },
        {
          "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
        },
        {
          "url": "http://heartbleed.com/"
        },
        {
          "name": "HPSBMU03018",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
        },
        {
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01"
        },
        {
          "name": "HPSBMU03040",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
        },
        {
          "url": "http://cogentdatahub.com/ReleaseNotes.html"
        },
        {
          "name": "HPSBMU03025",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
        },
        {
          "name": "HPSBST03016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
        },
        {
          "name": "HPSBMU03028",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
        },
        {
          "name": "HPSBMU03009",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
        },
        {
          "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
        },
        {
          "name": "TA14-098A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA14-098A"
        },
        {
          "name": "57347",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57347"
        },
        {
          "name": "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html"
        },
        {
          "name": "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/173"
        },
        {
          "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
        },
        {
          "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
        },
        {
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
        },
        {
          "name": "HPSBST03000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay\u0026spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result\u0026javax.portlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vignette.cachetoken"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "HPSBST03004",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
        },
        {
          "name": "USN-2165-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2165-1"
        },
        {
          "name": "RHSA-2014:0378",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0378.html"
        },
        {
          "name": "HPSBMU02997",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
        },
        {
          "name": "SUSE-SA:2014:002",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
        },
        {
          "name": "32764",
          "tags": [
            "exploit"
          ],
          "url": "http://www.exploit-db.com/exploits/32764"
        },
        {
          "name": "HPSBMU02994",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
        },
        {
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
        },
        {
          "name": "HPSBMU03022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
        },
        {
          "name": "HPSBST03027",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
        },
        {
          "name": "HPSBMU03019",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
        },
        {
          "name": "HPSBMU03062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
        },
        {
          "name": "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/91"
        },
        {
          "name": "1030078",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030078"
        },
        {
          "name": "59243",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/59243"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661"
        },
        {
          "name": "HPSBMU03020",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
        },
        {
          "name": "HPSBST03015",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
        },
        {
          "name": "RHSA-2014:0376",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0376.html"
        },
        {
          "name": "HPSBPI03014",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
        },
        {
          "name": "57721",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57721"
        },
        {
          "name": "57968",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57968"
        },
        {
          "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
        },
        {
          "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3"
        },
        {
          "name": "openSUSE-SU-2014:0560",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
        },
        {
          "name": "HPSBMU03032",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
        },
        {
          "name": "1030082",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030082"
        },
        {
          "name": "HPSBMU02998",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
        },
        {
          "name": "32745",
          "tags": [
            "exploit"
          ],
          "url": "http://www.exploit-db.com/exploits/32745"
        },
        {
          "name": "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/190"
        },
        {
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
        },
        {
          "name": "HPSBMU03017",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
        },
        {
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
        },
        {
          "url": "http://www.openssl.org/news/secadv_20140407.txt"
        },
        {
          "url": "https://gist.github.com/chapmajs/10473815"
        },
        {
          "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1"
        },
        {
          "name": "1030074",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030074"
        },
        {
          "url": "http://support.citrix.com/article/CTX140605"
        },
        {
          "name": "59139",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/59139"
        },
        {
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
        },
        {
          "name": "57966",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/57966"
        },
        {
          "name": "1030026",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1030026"
        },
        {
          "name": "59347",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/59347"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0160",
    "datePublished": "2014-04-07T00:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-1254
Vulnerability from cvelistv5
Published
2016-05-05 01:00
Modified
2024-08-08 05:53
Severity
Summary
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.
References
URLTags
http://www.securitytracker.com/id/1035750vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=openssl-users&m=95961024500509mailing-list, x_refsource_MLIST
http://www-01.ibm.com/support/docview.wss?uid=swg21995039x_refsource_CONFIRM
http://www.securityfocus.com/bid/90109vdb-entry, x_refsource_BID
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=db82b8f9bd432a59aea8e1014694e15fc457c2bbx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/05/04/17mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:53:28.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035750",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035750"
          },
          {
            "name": "[openssl-users] 20000529 64 bit problem in RSA_generate_key in 0.9.5a",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-users\u0026m=95961024500509"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "90109",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=db82b8f9bd432a59aea8e1014694e15fc457c2bb"
          },
          {
            "name": "[oss-security] 20160504 broken RSA keys",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/04/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-31T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035750",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035750"
        },
        {
          "name": "[openssl-users] 20000529 64 bit problem in RSA_generate_key in 0.9.5a",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-users\u0026m=95961024500509"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "90109",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=db82b8f9bd432a59aea8e1014694e15fc457c2bb"
        },
        {
          "name": "[oss-security] 20160504 broken RSA keys",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/04/17"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-1254",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035750",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035750"
            },
            {
              "name": "[openssl-users] 20000529 64 bit problem in RSA_generate_key in 0.9.5a",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-users\u0026m=95961024500509"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "name": "90109",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90109"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb"
            },
            {
              "name": "[oss-security] 20160504 broken RSA keys",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/05/04/17"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-1254",
    "datePublished": "2016-05-05T01:00:00",
    "dateReserved": "2016-05-04T00:00:00",
    "dateUpdated": "2024-08-08T05:53:28.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4000
Vulnerability from cvelistv5
Published
2015-05-21 00:00
Modified
2024-08-06 06:04
Severity
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
URLTags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1243.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlvendor-advisory
http://www.securitytracker.com/id/1033208vdb-entry
http://www.securitytracker.com/id/1032637vdb-entry
http://marc.info/?l=bugtraq&m=144050121701297&w=2vendor-advisory
http://www.debian.org/security/2016/dsa-3688vendor-advisory
http://www.debian.org/security/2015/dsa-3287vendor-advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2vendor-advisory
http://www.securitytracker.com/id/1032865vdb-entry
http://marc.info/?l=bugtraq&m=143557934009303&w=2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlvendor-advisory
http://www.securitytracker.com/id/1034728vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlvendor-advisory
http://www.securitytracker.com/id/1032656vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlvendor-advisory
http://openwall.com/lists/oss-security/2015/05/20/8mailing-list
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143628304012255&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=144060576831314&w=2vendor-advisory
http://www.securitytracker.com/id/1032475vdb-entry
http://www.securitytracker.com/id/1032960vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlvendor-advisory
http://www.securitytracker.com/id/1032653vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlvendor-advisory
http://www.securitytracker.com/id/1033385vdb-entry
https://security.gentoo.org/glsa/201512-10vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1229.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.htmlvendor-advisory
http://www.securitytracker.com/id/1032864vdb-entry
http://www.securitytracker.com/id/1032910vdb-entry
http://www.securitytracker.com/id/1032645vdb-entry
http://www.ubuntu.com/usn/USN-2706-1vendor-advisory
https://security.gentoo.org/glsa/201701-46vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1526.htmlvendor-advisory
http://www.securitytracker.com/id/1033760vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1485.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1197.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144104533800819&w=2vendor-advisory
http://www.securitytracker.com/id/1032699vdb-entry
http://www.securitytracker.com/id/1032476vdb-entry
http://www.securitytracker.com/id/1032649vdb-entry
http://marc.info/?l=bugtraq&m=144043644216842&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=143637549705650&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1544.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlvendor-advisory
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196vendor-advisory
http://www.securitytracker.com/id/1032688vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlvendor-advisory
http://www.securitytracker.com/id/1032652vdb-entry
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1185.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143558092609708&w=2vendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144069189622016&w=2vendor-advisory
http://www.securitytracker.com/id/1032648vdb-entry
http://www.securitytracker.com/id/1032759vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1228.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144060606031437&w=2vendor-advisory
http://www.debian.org/security/2015/dsa-3316vendor-advisory
http://www.securitytracker.com/id/1033209vdb-entry
http://www.securitytracker.com/id/1032871vdb-entry
http://www.debian.org/security/2015/dsa-3324vendor-advisory
http://www.securitytracker.com/id/1032655vdb-entry
http://www.securitytracker.com/id/1033210vdb-entry
http://marc.info/?l=bugtraq&m=144061542602287&w=2vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=145409266329539&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2673-1vendor-advisory
http://www.securitytracker.com/id/1034884vdb-entry
http://marc.info/?l=bugtraq&m=143506486712441&w=2vendor-advisory
https://security.gentoo.org/glsa/201603-11vendor-advisory
http://www.securitytracker.com/id/1033064vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlvendor-advisory
http://www.securitytracker.com/id/1032778vdb-entry
http://www.securitytracker.com/id/1032474vdb-entry
http://marc.info/?l=bugtraq&m=144493176821532&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=144102017024820&w=2vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.htmlvendor-advisory
http://www.securitytracker.com/id/1032784vdb-entry
http://www.securitytracker.com/id/1032777vdb-entry
http://www.securitytracker.com/id/1033416vdb-entry
http://www.securitytracker.com/id/1033991vdb-entry
http://www.securitytracker.com/id/1032647vdb-entry
http://www.securitytracker.com/id/1032654vdb-entry
http://www.securitytracker.com/id/1033341vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1486.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlvendor-advisory
http://www.securitytracker.com/id/1033433vdb-entry
http://www.ubuntu.com/usn/USN-2696-1vendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlvendor-advisory
http://www.securitytracker.com/id/1032702vdb-entry
http://www.debian.org/security/2015/dsa-3339vendor-advisory
http://www.securitytracker.com/id/1032727vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1242.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlvendor-advisory
https://security.gentoo.org/glsa/201506-02vendor-advisory
http://www.securityfocus.com/bid/91787vdb-entry
http://rhn.redhat.com/errata/RHSA-2016-1624.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1488.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.htmlvendor-advisory
http://www.securitytracker.com/id/1033430vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1241.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1230.htmlvendor-advisory
http://www.securityfocus.com/bid/74733vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlvendor-advisory
http://www.securitytracker.com/id/1032651vdb-entry
http://www.securitytracker.com/id/1033065vdb-entry
http://www.ubuntu.com/usn/USN-2656-1vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlvendor-advisory
http://www.securitytracker.com/id/1033222vdb-entry
http://www.securitytracker.com/id/1036218vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=143655800220052&w=2vendor-advisory
http://www.securitytracker.com/id/1040630vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlvendor-advisory
http://www.securitytracker.com/id/1034087vdb-entry
http://www.securitytracker.com/id/1033513vdb-entry
http://www.securitytracker.com/id/1032884vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1604.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlvendor-advisory
http://www.securitytracker.com/id/1032932vdb-entry
http://www.securitytracker.com/id/1033891vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlvendor-advisory
http://www.securitytracker.com/id/1032783vdb-entry
http://www.securitytracker.com/id/1032856vdb-entry
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascvendor-advisory
http://www.debian.org/security/2015/dsa-3300vendor-advisory
http://www.ubuntu.com/usn/USN-2656-2vendor-advisory
http://www.securitytracker.com/id/1033067vdb-entry
http://www.securitytracker.com/id/1033019vdb-entry
http://rhn.redhat.com/errata/RHSA-2015-1072.htmlvendor-advisory
http://www.securitytracker.com/id/1032650vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.oracle.com/security-alerts/cpujan2021.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
http://www-01.ibm.com/support/docview.wss?uid=swg21962739
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://support.apple.com/kb/HT204941
http://www-304.ibm.com/support/docview.wss?uid=swg21962816
http://www-01.ibm.com/support/docview.wss?uid=swg21959812
https://www-304.ibm.com/support/docview.wss?uid=swg21959745
https://weakdh.org/imperfect-forward-secrecy.pdf
http://www-304.ibm.com/support/docview.wss?uid=swg21959132
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
http://www-01.ibm.com/support/docview.wss?uid=swg21959539
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
http://www-01.ibm.com/support/docview.wss?uid=swg21959325
https://openssl.org/news/secadv/20150611.txt
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
http://www-304.ibm.com/support/docview.wss?uid=swg21967893
http://www-304.ibm.com/support/docview.wss?uid=swg21958984
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www-01.ibm.com/support/docview.wss?uid=swg21959517
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www-01.ibm.com/support/docview.wss?uid=swg21959195
http://www-01.ibm.com/support/docview.wss?uid=swg21961717
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www-304.ibm.com/support/docview.wss?uid=swg21960194
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
http://www-01.ibm.com/support/docview.wss?uid=swg21959453
https://security.netapp.com/advisory/ntap-20150619-0001/
http://www-01.ibm.com/support/docview.wss?uid=swg21959111
http://www-304.ibm.com/support/docview.wss?uid=swg21960418
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://www.suse.com/security/cve/CVE-2015-4000.html
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
http://support.citrix.com/article/CTX201114
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://www-304.ibm.com/support/docview.wss?uid=swg21960380
http://support.apple.com/kb/HT204942
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
http://www-01.ibm.com/support/docview.wss?uid=swg21959530
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www-01.ibm.com/support/docview.wss?uid=swg21960191
http://www-01.ibm.com/support/docview.wss?uid=swg21959636
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://puppet.com/security/cve/CVE-2015-4000
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://support.citrix.com/article/CTX216642
https://weakdh.org/
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
http://www-01.ibm.com/support/docview.wss?uid=swg21959481
https://bto.bluecoat.com/security-advisory/sa98
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
http://www-01.ibm.com/support/docview.wss?uid=swg21962455
https://www.openssl.org/news/secadv_20150611.txt
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1184",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
          },
          {
            "name": "SUSE-SU-2015:1177",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
          },
          {
            "name": "SSRT102180",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "RHSA-2015:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
          },
          {
            "name": "openSUSE-SU-2015:1229",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
          },
          {
            "name": "1033208",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033208"
          },
          {
            "name": "1032637",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032637"
          },
          {
            "name": "HPSBGN03404",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
          },
          {
            "name": "DSA-3688",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3688"
          },
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "HPSBUX03512",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
          },
          {
            "name": "1032865",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032865"
          },
          {
            "name": "HPSBGN03351",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:1268",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
          },
          {
            "name": "SUSE-SU-2015:1150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
          },
          {
            "name": "1034728",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034728"
          },
          {
            "name": "SUSE-SU-2015:1183",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
          },
          {
            "name": "1032656",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032656"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/05/20/8"
          },
          {
            "name": "openSUSE-SU-2015:1684",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
          },
          {
            "name": "HPSBGN03361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
          },
          {
            "name": "HPSBGN03399",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
          },
          {
            "name": "1032475",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032475"
          },
          {
            "name": "1032960",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032960"
          },
          {
            "name": "openSUSE-SU-2016:0255",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
          },
          {
            "name": "1032653",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032653"
          },
          {
            "name": "SUSE-SU-2016:0224",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
          },
          {
            "name": "1033385",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033385"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "RHSA-2015:1229",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
          },
          {
            "name": "openSUSE-SU-2016:0483",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
          },
          {
            "name": "1032864",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032864"
          },
          {
            "name": "1032910",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032910"
          },
          {
            "name": "1032645",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032645"
          },
          {
            "name": "USN-2706-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2706-1"
          },
          {
            "name": "GLSA-201701-46",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "name": "RHSA-2015:1526",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
          },
          {
            "name": "1033760",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033760"
          },
          {
            "name": "RHSA-2015:1485",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
          },
          {
            "name": "RHSA-2015:1197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
          },
          {
            "name": "HPSBMU03401",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
          },
          {
            "name": "1032699",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032699"
          },
          {
            "name": "1032476",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032476"
          },
          {
            "name": "1032649",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032649"
          },
          {
            "name": "HPSBMU03345",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
          },
          {
            "name": "HPSBUX03363",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
          },
          {
            "name": "RHSA-2015:1544",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
          },
          {
            "name": "FEDORA-2015-9130",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
          },
          {
            "name": "SUSE-SU-2015:1182",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
          },
          {
            "name": "SSRT102112",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
          },
          {
            "name": "1032688",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032688"
          },
          {
            "name": "SUSE-SU-2015:1143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
          },
          {
            "name": "1032652",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032652"
          },
          {
            "name": "FEDORA-2015-9048",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
          },
          {
            "name": "RHSA-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
          },
          {
            "name": "HPSBGN03362",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2015:1289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
          },
          {
            "name": "FEDORA-2015-9161",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
          },
          {
            "name": "HPSBGN03402",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
          },
          {
            "name": "1032648",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032648"
          },
          {
            "name": "1032759",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032759"
          },
          {
            "name": "RHSA-2015:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
          },
          {
            "name": "HPSBGN03405",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
          },
          {
            "name": "DSA-3316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3316"
          },
          {
            "name": "1033209",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033209"
          },
          {
            "name": "1032871",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032871"
          },
          {
            "name": "DSA-3324",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3324"
          },
          {
            "name": "1032655",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032655"
          },
          {
            "name": "1033210",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033210"
          },
          {
            "name": "HPSBGN03411",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "HPSBGN03533",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
          },
          {
            "name": "USN-2673-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2673-1"
          },
          {
            "name": "1034884",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034884"
          },
          {
            "name": "HPSBMU03356",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
          },
          {
            "name": "GLSA-201603-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-11"
          },
          {
            "name": "1033064",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033064"
          },
          {
            "name": "SUSE-SU-2015:1181",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
          },
          {
            "name": "1032778",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032778"
          },
          {
            "name": "1032474",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032474"
          },
          {
            "name": "SSRT102254",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
          },
          {
            "name": "HPSBGN03407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2015:1209",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
          },
          {
            "name": "1032784",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032784"
          },
          {
            "name": "1032777",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032777"
          },
          {
            "name": "1033416",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033416"
          },
          {
            "name": "1033991",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033991"
          },
          {
            "name": "1032647",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032647"
          },
          {
            "name": "1032654",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032654"
          },
          {
            "name": "1033341",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033341"
          },
          {
            "name": "RHSA-2015:1486",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
          },
          {
            "name": "SUSE-SU-2015:1663",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
          },
          {
            "name": "1033433",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033433"
          },
          {
            "name": "USN-2696-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2696-1"
          },
          {
            "name": "APPLE-SA-2015-06-30-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "name": "1032702",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032702"
          },
          {
            "name": "DSA-3339",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3339"
          },
          {
            "name": "1032727",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032727"
          },
          {
            "name": "RHSA-2015:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
          },
          {
            "name": "SUSE-SU-2015:1269",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
          },
          {
            "name": "openSUSE-SU-2015:1266",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
          },
          {
            "name": "RHSA-2015:1488",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
          },
          {
            "name": "SUSE-SU-2015:1319",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
          },
          {
            "name": "SUSE-SU-2015:1320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
          },
          {
            "name": "1033430",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033430"
          },
          {
            "name": "openSUSE-SU-2015:1288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
          },
          {
            "name": "RHSA-2015:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
          },
          {
            "name": "openSUSE-SU-2016:0478",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
          },
          {
            "name": "SUSE-SU-2015:1581",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
          },
          {
            "name": "HPSBUX03388",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
          },
          {
            "name": "RHSA-2015:1230",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
          },
          {
            "name": "74733",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74733"
          },
          {
            "name": "openSUSE-SU-2016:0261",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
          },
          {
            "name": "1032651",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032651"
          },
          {
            "name": "1033065",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033065"
          },
          {
            "name": "USN-2656-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2656-1"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "name": "1033222",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033222"
          },
          {
            "name": "1036218",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036218"
          },
          {
            "name": "SUSE-SU-2015:1449",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
          },
          {
            "name": "HPSBGN03373",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
          },
          {
            "name": "1040630",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040630"
          },
          {
            "name": "openSUSE-SU-2015:1139",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
          },
          {
            "name": "1034087",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034087"
          },
          {
            "name": "1033513",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033513"
          },
          {
            "name": "1032884",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032884"
          },
          {
            "name": "RHSA-2015:1604",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
          },
          {
            "name": "SUSE-SU-2016:0262",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
          },
          {
            "name": "1032932",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032932"
          },
          {
            "name": "1033891",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033891"
          },
          {
            "name": "openSUSE-SU-2016:0226",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
          },
          {
            "name": "1032783",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032783"
          },
          {
            "name": "1032856",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032856"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "name": "DSA-3300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3300"
          },
          {
            "name": "USN-2656-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2656-2"
          },
          {
            "name": "1033067",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033067"
          },
          {
            "name": "1033019",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033019"
          },
          {
            "name": "RHSA-2015:1072",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
          },
          {
            "name": "1032650",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032650"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX201114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/CVE-2015-4000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://weakdh.org/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1184",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
        },
        {
          "name": "SUSE-SU-2015:1177",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
        },
        {
          "name": "SSRT102180",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "RHSA-2015:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
        },
        {
          "name": "openSUSE-SU-2015:1229",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
        },
        {
          "name": "1033208",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033208"
        },
        {
          "name": "1032637",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032637"
        },
        {
          "name": "HPSBGN03404",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
        },
        {
          "name": "DSA-3688",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3688"
        },
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "name": "HPSBUX03512",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
        },
        {
          "name": "1032865",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032865"
        },
        {
          "name": "HPSBGN03351",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:1268",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
        },
        {
          "name": "SUSE-SU-2015:1150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
        },
        {
          "name": "1034728",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034728"
        },
        {
          "name": "SUSE-SU-2015:1183",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
        },
        {
          "name": "1032656",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032656"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
          "tags": [
            "mailing-list"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/05/20/8"
        },
        {
          "name": "openSUSE-SU-2015:1684",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
        },
        {
          "name": "HPSBGN03361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
        },
        {
          "name": "HPSBGN03399",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
        },
        {
          "name": "1032475",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032475"
        },
        {
          "name": "1032960",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032960"
        },
        {
          "name": "openSUSE-SU-2016:0255",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
        },
        {
          "name": "1032653",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032653"
        },
        {
          "name": "SUSE-SU-2016:0224",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
        },
        {
          "name": "1033385",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033385"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "RHSA-2015:1229",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
        },
        {
          "name": "openSUSE-SU-2016:0483",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
        },
        {
          "name": "1032864",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032864"
        },
        {
          "name": "1032910",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032910"
        },
        {
          "name": "1032645",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032645"
        },
        {
          "name": "USN-2706-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2706-1"
        },
        {
          "name": "GLSA-201701-46",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "name": "RHSA-2015:1526",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
        },
        {
          "name": "1033760",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033760"
        },
        {
          "name": "RHSA-2015:1485",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
        },
        {
          "name": "RHSA-2015:1197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
        },
        {
          "name": "HPSBMU03401",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
        },
        {
          "name": "1032699",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032699"
        },
        {
          "name": "1032476",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032476"
        },
        {
          "name": "1032649",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032649"
        },
        {
          "name": "HPSBMU03345",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
        },
        {
          "name": "HPSBUX03363",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
        },
        {
          "name": "RHSA-2015:1544",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
        },
        {
          "name": "FEDORA-2015-9130",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
        },
        {
          "name": "SUSE-SU-2015:1182",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
        },
        {
          "name": "SSRT102112",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
        },
        {
          "name": "1032688",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032688"
        },
        {
          "name": "SUSE-SU-2015:1143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
        },
        {
          "name": "1032652",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032652"
        },
        {
          "name": "FEDORA-2015-9048",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
        },
        {
          "name": "RHSA-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
        },
        {
          "name": "HPSBGN03362",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2015:1289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
        },
        {
          "name": "FEDORA-2015-9161",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
        },
        {
          "name": "HPSBGN03402",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
        },
        {
          "name": "1032648",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032648"
        },
        {
          "name": "1032759",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032759"
        },
        {
          "name": "RHSA-2015:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
        },
        {
          "name": "HPSBGN03405",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
        },
        {
          "name": "DSA-3316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3316"
        },
        {
          "name": "1033209",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033209"
        },
        {
          "name": "1032871",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032871"
        },
        {
          "name": "DSA-3324",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3324"
        },
        {
          "name": "1032655",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032655"
        },
        {
          "name": "1033210",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033210"
        },
        {
          "name": "HPSBGN03411",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "HPSBGN03533",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
        },
        {
          "name": "USN-2673-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2673-1"
        },
        {
          "name": "1034884",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034884"
        },
        {
          "name": "HPSBMU03356",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
        },
        {
          "name": "GLSA-201603-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-11"
        },
        {
          "name": "1033064",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033064"
        },
        {
          "name": "SUSE-SU-2015:1181",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
        },
        {
          "name": "1032778",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032778"
        },
        {
          "name": "1032474",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032474"
        },
        {
          "name": "SSRT102254",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
        },
        {
          "name": "HPSBGN03407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2015:1209",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
        },
        {
          "name": "1032784",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032784"
        },
        {
          "name": "1032777",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032777"
        },
        {
          "name": "1033416",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033416"
        },
        {
          "name": "1033991",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033991"
        },
        {
          "name": "1032647",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032647"
        },
        {
          "name": "1032654",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032654"
        },
        {
          "name": "1033341",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033341"
        },
        {
          "name": "RHSA-2015:1486",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
        },
        {
          "name": "SUSE-SU-2015:1663",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
        },
        {
          "name": "1033433",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033433"
        },
        {
          "name": "USN-2696-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2696-1"
        },
        {
          "name": "APPLE-SA-2015-06-30-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "name": "1032702",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032702"
        },
        {
          "name": "DSA-3339",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3339"
        },
        {
          "name": "1032727",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032727"
        },
        {
          "name": "RHSA-2015:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
        },
        {
          "name": "SUSE-SU-2015:1269",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
        },
        {
          "name": "openSUSE-SU-2015:1266",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
        },
        {
          "name": "RHSA-2015:1488",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
        },
        {
          "name": "SUSE-SU-2015:1319",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
        },
        {
          "name": "SUSE-SU-2015:1320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
        },
        {
          "name": "1033430",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033430"
        },
        {
          "name": "openSUSE-SU-2015:1288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
        },
        {
          "name": "RHSA-2015:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
        },
        {
          "name": "openSUSE-SU-2016:0478",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
        },
        {
          "name": "SUSE-SU-2015:1581",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
        },
        {
          "name": "HPSBUX03388",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
        },
        {
          "name": "RHSA-2015:1230",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
        },
        {
          "name": "74733",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/74733"
        },
        {
          "name": "openSUSE-SU-2016:0261",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
        },
        {
          "name": "1032651",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032651"
        },
        {
          "name": "1033065",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033065"
        },
        {
          "name": "USN-2656-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2656-1"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "name": "1033222",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033222"
        },
        {
          "name": "1036218",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036218"
        },
        {
          "name": "SUSE-SU-2015:1449",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
        },
        {
          "name": "HPSBGN03373",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
        },
        {
          "name": "1040630",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1040630"
        },
        {
          "name": "openSUSE-SU-2015:1139",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
        },
        {
          "name": "1034087",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034087"
        },
        {
          "name": "1033513",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033513"
        },
        {
          "name": "1032884",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032884"
        },
        {
          "name": "RHSA-2015:1604",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
        },
        {
          "name": "SUSE-SU-2016:0262",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
        },
        {
          "name": "1032932",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032932"
        },
        {
          "name": "1033891",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033891"
        },
        {
          "name": "openSUSE-SU-2016:0226",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
        },
        {
          "name": "1032783",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032783"
        },
        {
          "name": "1032856",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032856"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "name": "DSA-3300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3300"
        },
        {
          "name": "USN-2656-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2656-2"
        },
        {
          "name": "1033067",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033067"
        },
        {
          "name": "1033019",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033019"
        },
        {
          "name": "RHSA-2015:1072",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
        },
        {
          "name": "1032650",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032650"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
        },
        {
          "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
        },
        {
          "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
        },
        {
          "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
        },
        {
          "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
        },
        {
          "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
        },
        {
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
        },
        {
          "url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
        },
        {
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
        },
        {
          "url": "http://support.citrix.com/article/CTX201114"
        },
        {
          "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
        },
        {
          "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "url": "https://puppet.com/security/cve/CVE-2015-4000"
        },
        {
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
        },
        {
          "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "url": "https://weakdh.org/"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4000",
    "datePublished": "2015-05-21T00:00:00",
    "dateReserved": "2015-05-15T00:00:00",
    "dateUpdated": "2024-08-06T06:04:02.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0465
Vulnerability from cvelistv5
Published
2023-03-28 14:30
Modified
2024-08-02 05:10
Severity
Summary
Invalid certificate policies in leaf certificates are silently ignored
References
URLTags
https://www.openssl.org/news/secadv/20230328.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5cpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bbpatch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947apatch
https://security.netapp.com/advisory/ntap-20230414-0001/
https://www.debian.org/security/2023/dsa-5417
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230328.txt"
          },
          {
            "name": "3.1.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"
          },
          {
            "name": "3.0.9 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"
          },
          {
            "name": "1.1.1u git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"
          },
          {
            "name": "1.0.2zh patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1u",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zh",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David Benjamin (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2023-03-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Applications that use a non-default option when verifying certificates may be\u003cbr\u003evulnerable to an attack from a malicious CA to circumvent certain checks.\u003cbr\u003e\u003cbr\u003eInvalid certificate policies in leaf certificates are silently ignored by\u003cbr\u003eOpenSSL and other certificate policy checks are skipped for that certificate.\u003cbr\u003eA malicious CA could use this to deliberately assert invalid certificate policies\u003cbr\u003ein order to circumvent policy checking on the certificate altogether.\u003cbr\u003e\u003cbr\u003ePolicy processing is disabled by default but can be enabled by passing\u003cbr\u003ethe `-policy\u0027 argument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function."
            }
          ],
          "value": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy\u0027 argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "improper certificate validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-28T14:30:39.707Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230328.txt"
        },
        {
          "name": "3.1.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"
        },
        {
          "name": "3.0.9 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"
        },
        {
          "name": "1.1.1u git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"
        },
        {
          "name": "1.0.2zh patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Invalid certificate policies in leaf certificates are silently ignored",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0465",
    "datePublished": "2023-03-28T14:30:39.707Z",
    "dateReserved": "2023-01-24T13:51:42.650Z",
    "dateUpdated": "2024-08-02T05:10:56.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0535
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity
Summary
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
References
URLTags
http://www.securityfocus.com/bid/1340vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/freebsd/2000-06/0083.htmlvendor-advisory, x_refsource_FREEBSD
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:30.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1340",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1340"
          },
          {
            "name": "FreeBSD-SA-00:25",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1340",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1340"
        },
        {
          "name": "FreeBSD-SA-00:25",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1340",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1340"
            },
            {
              "name": "FreeBSD-SA-00:25",
              "refsource": "FREEBSD",
              "url": "http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0535",
    "datePublished": "2000-07-12T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:30.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0207
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://bugzilla.redhat.com/show_bug.cgi?id=1202351
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.securityfocus.com/bid/73229vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=819418110b6fff4a7b96f01a5d68f71df3e3b736
https://security.gentoo.org/glsa/201503-11vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202351"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "73229",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73229"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=819418110b6fff4a7b96f01a5d68f71df3e3b736"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202351"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "73229",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73229"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=819418110b6fff4a7b96f01a5d68f71df3e3b736"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0207",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0217
Vulnerability from cvelistv5
Published
2023-02-08 19:02
Modified
2024-08-02 05:02
Severity
Summary
NULL dereference validating DSA public key
References
URLTags
https://www.openssl.org/news/secadv/20230207.txtvendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096patch
https://security.gentoo.org/glsa/202402-08
Impacted products
VendorProduct
OpenSSLOpenSSL
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Kurt Roeckx"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Shane Lontis from Oracle"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to check a malformed DSA public key by the\u003cbr\u003eEVP_PKEY_public_check() function. This will most likely lead\u003cbr\u003eto an application crash. This function can be called on public\u003cbr\u003ekeys supplied from untrusted sources which could allow an attacker\u003cbr\u003eto cause a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe TLS implementation in OpenSSL does not call this function\u003cbr\u003ebut applications might call the function if there are additional\u003cbr\u003esecurity requirements imposed by standards such as FIPS 140-3.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.\n\n"
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "invalid pointer dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-24T14:44:48.097Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL dereference validating DSA public key",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-0217",
    "datePublished": "2023-02-08T19:02:48.524Z",
    "dateReserved": "2023-01-11T12:02:46.441Z",
    "dateUpdated": "2024-08-02T05:02:43.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0702
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity
Summary
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=145889460330120&w=2vendor-advisory
http://www.ubuntu.com/usn/USN-2914-1vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlvendor-advisory
http://openssl.org/news/secadv/20160301.txt
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.htmlvendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
http://www.debian.org/security/2016/dsa-3500vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
http://cachebleed.info
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-2802690366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "HPSBGN03563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://cachebleed.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-2802690366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "FEDORA-2016-e6807b3394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "HPSBGN03563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "http://cachebleed.info"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0702",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4353
Vulnerability from cvelistv5
Published
2014-01-09 01:00
Modified
2024-08-06 16:38
Severity
Summary
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
References
URLTags
http://www.splunk.com/view/SP-CAAAMB3x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2837vendor-advisory, x_refsource_DEBIAN
http://www-01.ibm.com/support/docview.wss?uid=isg400001843x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stablex_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory, x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2079-1vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-0015.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.htmlvendor-advisory, x_refsource_SUSE
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlvendor-advisory, x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1049058x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0041.htmlvendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/vulnerabilities.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.htmlvendor-advisory, x_refsource_SUSE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAMB3"
          },
          {
            "name": "DSA-2837",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable"
          },
          {
            "name": "FEDORA-2014-9308",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "name": "USN-2079-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2079-1"
          },
          {
            "name": "RHSA-2014:0015",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
          },
          {
            "name": "openSUSE-SU-2014:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631"
          },
          {
            "name": "FEDORA-2014-9301",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049058"
          },
          {
            "name": "RHSA-2014:0041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/vulnerabilities.html"
          },
          {
            "name": "openSUSE-SU-2014:0096",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html"
          },
          {
            "name": "openSUSE-SU-2014:0094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAMB3"
        },
        {
          "name": "DSA-2837",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable"
        },
        {
          "name": "FEDORA-2014-9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
        },
        {
          "name": "USN-2079-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2079-1"
        },
        {
          "name": "RHSA-2014:0015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
        },
        {
          "name": "openSUSE-SU-2014:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631"
        },
        {
          "name": "FEDORA-2014-9301",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049058"
        },
        {
          "name": "RHSA-2014:0041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/vulnerabilities.html"
        },
        {
          "name": "openSUSE-SU-2014:0096",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html"
        },
        {
          "name": "openSUSE-SU-2014:0094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4353",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.splunk.com/view/SP-CAAAMB3",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAMB3"
            },
            {
              "name": "DSA-2837",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2837"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_1-stable",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_1-stable"
            },
            {
              "name": "FEDORA-2014-9308",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
            },
            {
              "name": "USN-2079-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2079-1"
            },
            {
              "name": "RHSA-2014:0015",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0015.html"
            },
            {
              "name": "openSUSE-SU-2014:0099",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=197e0ea817ad64820789d86711d55ff50d71f631",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=197e0ea817ad64820789d86711d55ff50d71f631"
            },
            {
              "name": "FEDORA-2014-9301",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049058",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049058"
            },
            {
              "name": "RHSA-2014:0041",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
            },
            {
              "name": "http://www.openssl.org/news/vulnerabilities.html",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/vulnerabilities.html"
            },
            {
              "name": "openSUSE-SU-2014:0096",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html"
            },
            {
              "name": "openSUSE-SU-2014:0094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4353",
    "datePublished": "2014-01-09T01:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0027
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-06 18:09
Severity
Summary
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
References
URLTags
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://www.openssl.org/news/secadv_20120104.txtx_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/57353third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041vendor-advisory, x_refsource_HP
http://osvdb.org/78191vdb-entry, x_refsource_OSVDB
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "openSUSE-SU-2012:0083",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120104.txt"
          },
          {
            "name": "MDVSA-2012:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "78191",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/78191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-18T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "openSUSE-SU-2012:0083",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120104.txt"
        },
        {
          "name": "MDVSA-2012:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "78191",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/78191"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0027",
    "datePublished": "2012-01-06T01:00:00",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0286
Vulnerability from cvelistv5
Published
2015-03-19 00:00
Modified
2024-08-06 04:03
Severity
Summary
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
References
URLTags
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://rhn.redhat.com/errata/RHSA-2015-0715.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlvendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://www.debian.org/security/2015/dsa-3197vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlvendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://support.apple.com/HT205212
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlvendor-advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlvendor-advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securitytracker.com/id/1032917vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisory
https://support.apple.com/HT205267
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202366
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlvendor-advisory
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://rhn.redhat.com/errata/RHSA-2015-0716.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.ascvendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2015-0752.htmlvendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
http://www.securitytracker.com/id/1031929vdb-entry
http://marc.info/?l=bugtraq&m=143213830203296&w=2vendor-advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlvendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlvendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisory
http://www.securityfocus.com/bid/73225vdb-entry
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205212"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032917",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032917"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-09-16-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "73225",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73225"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://support.apple.com/HT205212"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032917",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032917"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-09-16-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "73225",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73225"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0286",
    "datePublished": "2015-03-19T00:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7052
Vulnerability from cvelistv5
Published
2016-09-26 19:00
Modified
2024-08-06 01:50
Severity
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
References
URLTags
https://www.tenable.com/security/tns-2016-20x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://www.openssl.org/news/secadv/20160926.txtx_refsource_CONFIRM
https://security.gentoo.org/glsa/201612-16vendor-advisory, x_refsource_GENTOO
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2ex_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_usx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21995039x_refsource_CONFIRM
http://www.securitytracker.com/id/1036885vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-16x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10171x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-19x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa132x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.ascvendor-advisory, x_refsource_FREEBSD
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/93171vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160926.txt"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-19"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "FreeBSD-SA-16:27",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "93171",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93171"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20160926.txt"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-19"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "FreeBSD-SA-16:27",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "93171",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93171"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2016-20",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20160926.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20160926.txt"
            },
            {
              "name": "GLSA-201612-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-16"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "name": "1036885",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036885"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-19",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-19"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa132",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "name": "FreeBSD-SA-16:27",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "93171",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93171"
            },
            {
              "name": "SUSE-SU-2016:2470",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7052",
    "datePublished": "2016-09-26T19:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0705
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity
Summary
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
References
URLTags
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
http://source.android.com/security/bulletin/2016-05-01.html
https://access.redhat.com/errata/RHSA-2018:2713vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=146108058503441&w=2vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.ascvendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
http://marc.info/?l=bugtraq&m=145889460330120&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=145983526810210&w=2vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://access.redhat.com/errata/RHSA-2018:2575vendor-advisory
http://www.ubuntu.com/usn/USN-2914-1vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlvendor-advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://access.redhat.com/errata/RHSA-2018:2568vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
http://www.debian.org/security/2016/dsa-3500vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlvendor-advisory
https://www.openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/91787vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.htmlvendor-advisory
https://security.gentoo.org/glsa/201603-15vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlvendor-advisory
http://www.securitytracker.com/id/1035133vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlvendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
http://www.securityfocus.com/bid/83754vdb-entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-2802690366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-05-01.html"
          },
          {
            "name": "RHSA-2018:2713",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2713"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "name": "HPSBMU03575",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88"
          },
          {
            "name": "openSUSE-SU-2016:1332",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
          },
          {
            "name": "HPSBGN03563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "HPSBGN03569",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "RHSA-2018:2575",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2575"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "RHSA-2018:2568",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2568"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "name": "83754",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83754"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-2802690366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-05-01.html"
        },
        {
          "name": "RHSA-2018:2713",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2713"
        },
        {
          "name": "FEDORA-2016-e6807b3394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
        },
        {
          "name": "HPSBMU03575",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146108058503441\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88"
        },
        {
          "name": "openSUSE-SU-2016:1332",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617"
        },
        {
          "name": "HPSBGN03563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
        },
        {
          "name": "HPSBGN03569",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "RHSA-2018:2575",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2575"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "RHSA-2018:2568",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2568"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
        },
        {
          "name": "83754",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/83754"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0705",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:04.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6309
Vulnerability from cvelistv5
Published
2016-09-26 19:00
Modified
2024-08-06 01:29
Severity
Summary
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
References
URLTags
https://www.tenable.com/security/tns-2016-20x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://www.openssl.org/news/secadv/20160926.txtx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_usx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21995039x_refsource_CONFIRM
http://www.securitytracker.com/id/1036885vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlx_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-16x_refsource_CONFIRM
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefebx_refsource_CONFIRM
http://www.securityfocus.com/bid/93177vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa132x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160926.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb"
          },
          {
            "name": "93177",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93177"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20160926.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb"
        },
        {
          "name": "93177",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93177"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2016-20",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20160926.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20160926.txt"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "name": "1036885",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036885"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb"
            },
            {
              "name": "93177",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93177"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa132",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6309",
    "datePublished": "2016-09-26T19:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0079
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
URLTags
http://www.securityfocus.com/bid/9899vdb-entry, x_refsource_BID
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlvendor-advisory, x_refsource_FEDORA
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlvendor-advisory, x_refsource_ENGARDE
http://marc.info/?l=bugtraq&m=108403806509920&w=2vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-121.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023vendor-advisory, x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621vdb-entry, signature, x_refsource_OVAL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtvendor-advisory, x_refsource_SCO
http://secunia.com/advisories/17381third-party-advisory, x_refsource_SECUNIA
http://www.uniras.gov.uk/vuls/2004/224012/index.htmx_refsource_MISC
http://fedoranews.org/updates/FEDORA-2004-095.shtmlvendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlvendor-advisory, x_refsource_SUSE
http://lists.apple.com/mhonarc/security-announce/msg00045.htmlx_refsource_CONFIRM
http://www.openssl.org/news/secadv_20040317.txtx_refsource_CONFIRM
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.ascvendor-advisory, x_refsource_FREEBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascvendor-advisory, x_refsource_NETBSD
http://www.ciac.org/ciac/bulletins/o-101.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlthird-party-advisory, x_refsource_CERT
http://secunia.com/advisories/17401third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-829.htmlvendor-advisory, x_refsource_REDHAT
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htmx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-830.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200403-03.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11139third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=107953412903636&w=2mailing-list, x_refsource_BUGTRAQ
http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_USx_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/17398third-party-advisory, x_refsource_SECUNIA
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961vendor-advisory, x_refsource_SLACKWARE
http://www.redhat.com/support/errata/RHSA-2004-139.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505vdb-entry, x_refsource_XF
http://www.trustix.org/errata/2004/0012vendor-advisory, x_refsource_TRUSTIX
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlvendor-advisory, x_refsource_CISCO
http://docs.info.apple.com/article.html?artnum=61798x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/288574third-party-advisory, x_refsource_CERT-VN
http://www.debian.org/security/2004/dsa-465vendor-advisory, x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/18247third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770vdb-entry, signature, x_refsource_OVAL
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "FEDORA-2005-1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
          },
          {
            "name": "ESA-20040317-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
          },
          {
            "name": "SSRT4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "MDKSA-2004:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
          },
          {
            "name": "oval:org.mitre.oval:def:2621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "name": "17381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17381"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "FEDORA-2004-095",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
          },
          {
            "name": "oval:org.mitre.oval:def:9779",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
          },
          {
            "name": "oval:org.mitre.oval:def:975",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "SuSE-SA:2004:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20040317.txt"
          },
          {
            "name": "FreeBSD-SA-04:05",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
          },
          {
            "name": "NetBSD-SA2004-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
          },
          {
            "name": "O-101",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "17401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17401"
          },
          {
            "name": "RHSA-2005:829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:870",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
          },
          {
            "name": "RHSA-2005:830",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
          },
          {
            "name": "APPLE-SA-2005-08-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
          },
          {
            "name": "17398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17398"
          },
          {
            "name": "SSA:2004-077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
          },
          {
            "name": "RHSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
          },
          {
            "name": "openssl-dochangecipherspec-dos(15505)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=61798"
          },
          {
            "name": "VU#288574",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/288574"
          },
          {
            "name": "DSA-465",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-465"
          },
          {
            "name": "APPLE-SA-2005-08-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
          },
          {
            "name": "18247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18247"
          },
          {
            "name": "oval:org.mitre.oval:def:5770",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "FEDORA-2005-1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
        },
        {
          "name": "ESA-20040317-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
        },
        {
          "name": "SSRT4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "MDKSA-2004:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
        },
        {
          "name": "oval:org.mitre.oval:def:2621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "name": "17381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17381"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "FEDORA-2004-095",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
        },
        {
          "name": "oval:org.mitre.oval:def:9779",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
        },
        {
          "name": "oval:org.mitre.oval:def:975",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "SuSE-SA:2004:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20040317.txt"
        },
        {
          "name": "FreeBSD-SA-04:05",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
        },
        {
          "name": "NetBSD-SA2004-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
        },
        {
          "name": "O-101",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "17401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17401"
        },
        {
          "name": "RHSA-2005:829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:870",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
        },
        {
          "name": "RHSA-2005:830",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
        },
        {
          "name": "APPLE-SA-2005-08-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
        },
        {
          "name": "17398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17398"
        },
        {
          "name": "SSA:2004-077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
        },
        {
          "name": "RHSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
        },
        {
          "name": "openssl-dochangecipherspec-dos(15505)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=61798"
        },
        {
          "name": "VU#288574",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/288574"
        },
        {
          "name": "DSA-465",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-465"
        },
        {
          "name": "APPLE-SA-2005-08-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
        },
        {
          "name": "18247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18247"
        },
        {
          "name": "oval:org.mitre.oval:def:5770",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20040317.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
              "refsource": "CONFIRM",
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=61798",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0079",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-200110-0192
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0192",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com\u203bVicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es\u203bAlexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#594904",
            "trust": 0.8,
            "value": "0.63"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-044",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1017143",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22646",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200110-0192",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-07-23T21:57:58.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OOo_3.2.1_Win_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3189"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3193"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3192"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3191"
      },
      {
        "title": "OOo_3.2.0_Solaris_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3195"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3190"
      },
      {
        "title": "OOo_3.2.0_MacOS_x86_install_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3194"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/software/products/appsrvr/index.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=438cfb75"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=43a84f89"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/pki/nss/"
      },
      {
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1 "
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/ssl"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/4299 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1017143 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22646 "
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0828
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490 Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0828",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-0828",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-03-31T07:11:43.681000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201408-0089
Vulnerability from variot

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to cause a memory leak, resulting in a denial-of-service condition. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2014-5139]

III. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 9.2, 9.1, 8.4]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt

It's important that you upgrade the libssl1.0.0 package and not just the openssl package. Alternatively, you may reboot your system.

For the testing distribution (jessie), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04426586 Version: 1

HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-09-12 Last Updated: 2014-09-12

Potential Security Impact: Remote Denial of Service (DoS), disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.

References:

CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)

SSRT101686

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL. 

HP SSL Version 1.4-493 for OpenVMS is available from the following

location:

    http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

HISTORY Version:1 (rev.1) - 12 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0089",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1i"
      },
      {
        "model": "hp virtual connect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "8gb 24 port fiber channel module  3.00   (vc ( virtual connect ) 4.40  )"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7530061.121.225.06100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2407863"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35007383"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78450"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72250"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2207906"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78350"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72200"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57350"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7556061.121.225.06100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855072.060.134.32804"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x33007382"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78300"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75300"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7955"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408738"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5875072.060.134.32804"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75450"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301072.180.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75560"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58750"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35507914"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "89000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2202585"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75250"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7525061.121.225.06100"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835072.010.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2227916"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8804259"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x37508752"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700072.161.134.32804"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36307158"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745061.132.224.35203"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "campaign",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830072.010.134.32804"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93020"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58550"
      },
      {
        "model": "contact optimization",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900072.161.134.32804"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408737"
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302072.180.134.32804"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3655072.060.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57550"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x32502583"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93030"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755061.132.224.35203"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225072.030.134.32804"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x31002582"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58450"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845072.060.134.32804"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740061.132.224.35203"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57450"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "87000"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35307160"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7535061.121.225.06100"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "66550"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78550"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57400"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408956"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93010"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8807903"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36305466"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845072.040.134.32804"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7545061.121.225.06100"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x4407917"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36505460"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7970072.200.134.32804"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75350"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220072.030.134.32804"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "contact optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303072.180.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735061.132.224.35203"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855072.040.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655072.060.134.32804"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Langley of Google",
    "sources": [
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3507",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3507",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3507",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-131",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3507",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to cause a memory leak, resulting in a denial-of-service condition. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior to 1.0.0n. \nOpenSSL 1.0.1 versions prior to 1.0.1i. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \nCorrected:      2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n                2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n                2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n                2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n                2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n                2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n                2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n                2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name:       CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n                CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-5139]\n\nIII.  Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r269687\nreleng/8.4/                                                       r271305\nstable/9/                                                         r269687\nreleng/9.1/                                                       r271305\nreleng/9.2/                                                       r271305\nreleng/9.3/                                                       r271305\nstable/10/                                                        r269686\nreleng/10.0/                                                      r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt\u0027s important that you upgrade the libssl1.0.0 package and not just\nthe openssl package. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3505    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3506    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3507    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3510    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n    HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n        http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2014:1052-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date:        2014-08-13\nCVE Names:         CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n                   CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n                   CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9  mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa  mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e  mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e  mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb  mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3507",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "69078",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "61250",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60778",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61040",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60824",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10109",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3507",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128248",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127869",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "id": "VAR-201408-0089",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T21:30:26.317000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX03095 SSRT101674",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04404655"
      },
      {
        "title": "HPSBOV03099 SSRT101686",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04426586"
      },
      {
        "title": "HPSBHF03293",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "title": "1682293",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "title": "1686997",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "title": "Fix memory leak from zero-length DTLS fragments.",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
      },
      {
        "title": "DTLS memory leak from zero-length fragments (CVE-2014-3507)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "title": "Huawei-SA-20141008-OpenSSL",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "title": "openssl-0.9.8zb",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694"
      },
      {
        "title": "openssl-1.0.1i",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696"
      },
      {
        "title": "openssl-1.0.0n",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "MiniProject2019",
        "trust": 0.1,
        "url": "https://github.com/ruan777/miniproject2019 "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60824"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10109"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69078"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61250"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61040"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60778"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59743"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95161"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3507"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "db": "BID",
        "id": "69078"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69078"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-09-09T17:32:22",
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "date": "2014-08-08T21:50:05",
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "date": "2014-09-15T17:53:34",
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "date": "2014-08-14T02:24:57",
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "date": "2014-08-14T22:49:56",
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "date": "2014-08-08T21:48:03",
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "date": "2014-08-13T23:55:07.450000",
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3507"
      },
      {
        "date": "2016-07-26T23:00:00",
        "db": "BID",
        "id": "69078"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      },
      {
        "date": "2023-11-07T02:20:09.987000",
        "db": "NVD",
        "id": "CVE-2014-3507"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  DTLS Implementation of  d1_both.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003811"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-131"
      }
    ],
    "trust": 0.6
  }
}

var-201404-0008
Vulnerability from variot

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affected products:
\x95 All EMC Documentum Content Server versions of 7.1 prior to P07 \x95 All EMC Documentum Content Server versions of 7.0 \x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16 \x95 All EMC Documentum Content Server versions of 6.7 SP1 \x95 All EMC Documentum Content Server versions prior to 6.7 SP1

Summary:
EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.

Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities:

\x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)

\x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

\x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

\x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt

Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.

EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.

Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server

For Hotfix, contact EMC Support.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Release Date: 2014-08-08 Last Updated: 2014-08-08

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware

References:

CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.

Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749

HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.

Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793

Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.

HP Insight Control server deployment users with v7.2.2:

Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.

HP Insight Control server deployment users with v7.3.1:

Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f

Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server

Related security bulletins:

For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210

For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897

HISTORY Version:1 (rev.1) - 8 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm

ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm

s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Unvalidated Redirect Vulnerability (CVE-2015-0512)

A potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.

CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

  1. To search for a particular CVE, use the NVD database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search

Resolution: The following Unisphere Central release contains resolutions to the above issues: \x95 Unisphere Central version 4.0.

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . These vulnerabilities include:

  • The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.

  • HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5

  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2010-5298
  4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
  4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVE-2014-0076
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVE-2014-0195
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-0198
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0221
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0224
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-3470
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-3566
  3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0705
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.

LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00

Notes:

These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary

VMware product updates address OpenSSL security vulnerabilities. Relevant Releases

ESXi 5.5 prior to ESXi550-201406401-SG

  1. Problem Description

a. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org)

  has assigned the names CVE-2014-0224, CVE-2014-0198, 
  CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
  these issues. The most important of these issues is 
  CVE-2014-0224.

  CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
  be of moderate severity. Exploitation is highly unlikely or is
  mitigated due to the application configuration.

  CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL 
  Security Advisory (see Reference section below), do not affect
  any VMware products. For readability
  the affected products have been split into 3 tables below, 
  based on the different client-server configurations and
  deployment scenarios. Applying these patches to 
  affected servers will mitigate the affected clients (See Table 1
  below). can be mitigated by using a secure network such as 
  VPN (see Table 2 below).

  Clients and servers that are deployed on an isolated network are
  less exposed to CVE-2014-0224 (see Table 3 below). The affected
  products are typically deployed to communicate over the
  management network.

  RECOMMENDATIONS

  VMware recommends customers evaluate and deploy patches for
  affected Servers in Table 1 below as these patches become
  available. Patching these servers will remove the ability to
  exploit the vulnerability described in CVE-2014-0224 on both
  clients and servers. VMware recommends customers consider 
  applying patches to products listed in Table 2 & 3 as required.

  Column 4 of the following tables lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  ESXi                            5.5       ESXi     ESXi550-
                                                     201406401-SG

  Big Data Extensions             1.1                patch pending 
  Charge Back Manager             2.6                patch pending

  Horizon Workspace Server 
  GATEWAY                         1.8.1              patch pending 
  Horizon Workspace Server 
  GATEWAY                         1.5                patch pending

  Horizon Workspace Server 
  DATA                            1.8.1              patch pending

  Horizon Mirage Edge Gateway     4.4.2              patch pending 
  Horizon View                    5.3.1              patch pending

  Horizon View Feature Pack       5.3 SP2            patch pending

  NSX for Multi-Hypervisor        4.1.2              patch pending 
  NSX for Multi-Hypervisor        4.0.3              patch pending 
  NSX for vSphere                 6.0.4              patch pending 
  NVP                             3.2.2              patch pending 
  vCAC                            6.0.1              patch pending

  vCloud Networking and Security  5.5.2          patch pending 
  vCloud Networking and Security  5.1.2          patch pending

  vFabric Web Server              5.3.4              patch pending

  vCHS - DPS-Data Protection      2.0                patch pending 
  Service

  Table 2
  ========
  Affected clients running a vulnerable version of OpenSSL 0.9.8 
  or 1.0.1 and communicating over an untrusted network.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  vCSA                            5.5                patch pending 
  vCSA                            5.1                patch pending 
  vCSA                            5.0                patch pending


  ESXi                            5.1       ESXi     patch pending 
  ESXi                            5.0       ESXi     patch pending

  Workstation                     10.0.2    any      patch pending 
  Workstation                     9.0.3     any      patch pending 
  Fusion                          6.x       OSX      patch pending 
  Fusion                          5.x       OSX      patch pending 
  Player                          10.0.2    any      patch pending 
  Player                          9.0.3     any      patch pending

  Chargeback Manager              2.5.x              patch pending

  Horizon Workspace Client for    1.8.1    OSX       patch pending 
  Mac
  Horizon Workspace Client for    1.5      OSX       patch pending 
  Mac
  Horizon Workspace Client for    1.8.1    Windows   patch pending 
  Windows       
  Horizon Workspace Client for    1.5      Windows   patch pending

  OVF Tool                        3.5.1              patch pending 
  OVF Tool                        3.0.1              patch pending

  vCenter Operations Manager      5.8.1              patch pending

  vCenter Support Assistant       5.5.0              patch pending 
  vCenter Support Assistant       5.5.1              patch pending

  vCD                             5.1.2              patch pending    
  vCD                             5.1.3              patch pending 
  vCD                             5.5.1.1            patch pending 
  vCenter Site Recovery Manager   5.0.3.1            patch pending

  Table 3
  =======
  The following table lists all affected clients running a
  vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
  over an untrusted network.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  vCenter Server                  5.5       any      patch pending
  vCenter Server                  5.1       any      patch pending
  vCenter Server                  5.0       any      patch pending

  Update Manager                  5.5       Windows  patch pending
  Update Manager                  5.1       Windows  patch pending
  Update Manager                  5.0       Windows  patch pending

  Config Manager (VCM)            5.6                patch pending

  Horizon View Client             5.3.1              patch pending 
  Horizon View Client             4.x                patch pending
  Horizon Workspace               1.8.1              patch pending 
  Horizon Workspace               1.5                patch pending


  ITBM Standard                   1.0.1              patch pending 
  ITBM Standard                   1.0                patch pending

  Studio                          2.6.0.0            patch pending

  Usage Meter                     3.3                patch pending 
  vCenter Chargeback Manager      2.6                patch pending 
  vCenter Converter Standalone    5.5                patch pending 
  vCenter Converter Standalone    5.1                patch pending 
  vCD (VCHS)                      5.6.2              patch pending

  vCenter Site Recovery Manager   5.5.1              patch pending 
  vCenter Site Recovery Manager   5.1.1              patch pending

  vFabric Application Director    5.2.0              patch pending 
  vFabric Application Director    5.0.0              patch pending 
  View Client                     5.3.1              patch pending 
  View Client                     4.x                patch pending
  VIX API                         5.5                patch pending 
  VIX API                         1.12               patch pending

  vMA (Management Assistant)      5.1.0.1            patch pending


  VMware Data Recovery            2.0.3              patch pending

  VMware vSphere CLI              5.5                patch pending

  vSphere Replication             5.5.1              patch pending 
  vSphere Replication             5.6                patch pending 
  vSphere SDK for Perl            5.5                patch pending 
  vSphere Storage Appliance       5.5.1              patch pending 
  vSphere Storage Appliance       5.1.3              patch pending 
  vSphere Support Assistant       5.5.1              patch pending 
  vSphere Support Assistant       5.5.0              patch pending
  vSphere Virtual Disk            5.5                patch pending 
  Development Kit                  
  vSphere Virtual Disk            5.1                patch pending 
  Development Kit
  vSphere Virtual Disk            5.0                patch pending 
  Development Kit
  1. Solution

ESXi 5.5

Download: https://www.vmware.com/patchmgr/download.portal

Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359

  1. Change Log

2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved.

The attack can only be performed between a vulnerable client and server.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional details over time.

HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. ============================================================================ Ubuntu Security Notice USN-2192-1 May 05, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary:

OpenSSL could be made to crash if it received specially crafted network traffic. (CVE-2010-5298)

It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. (CVE-2014-0198)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.1

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.3

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.8

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.13

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0008",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "linux enterprise workstation extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ssl vpn 8.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.106"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 13.1r4-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.12"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.2"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "junos 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "uacos c4.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msr3000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.3"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "m220 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7775"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4800g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "secure analytics 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "secure analytics 2014.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "f1000a and s family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "u200a and m family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "junos 11.4r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7765"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "hsr6602 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.5"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wx5002/5004 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 11.4r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.0-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vsr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.3r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "junos 12.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.9"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "msr20 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r10-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "junos 5.0r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.10"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "hsr6800 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "ssl vpn 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.1"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.3.10"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "msr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "junos 10.4r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "junos 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v7)0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr30 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "strm 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jsa 2014.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.2"
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900.00"
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "f1000e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.0"
      },
      {
        "model": "msr93x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "secure analytics 2014.2r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.5.0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "virusscan enterprise for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "1.7.1"
      },
      {
        "model": "strm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.4"
      },
      {
        "model": "msr50 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "u200s and cs family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "security threat response manager 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "simatic s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "strm/jsa 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ngfw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "junos 10.4r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msr9xx russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.203"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr50-g2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "junos 5.0r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.13"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "virusscan enterprise for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "1.8"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uacos c5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.7"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "uacos c5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7755"
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 10.4s",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 11.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9500e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "virusscan enterprise for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security threat response manager 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 10.4s15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.7"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "msr9xx family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "msr2000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "msr30-16 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "imc ead",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.1"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr4000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.6"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "a6600 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "f5000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "junos 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.62"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "virusscan enterprise for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "1.9"
      },
      {
        "model": "pk family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "junos os 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 11.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "junos r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secblade fw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "junos 10.4r15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uacos c4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "p2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "junos 10.0s25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "junos d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos 10.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.1"
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "msr20-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.107"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "msr30-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos os 12.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66801"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1g",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2010-5298",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2010-5298",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-5298",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-5298",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition. Due to the nature of  this issue,  arbitrary code execution may be possible; however, this has  not been  confirmed. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \n\nEMC Identifier: ESA-2014-079\n\nCVE Identifier:  See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score:  See below for individual CVSS score for each CVE\n\nAffected products:  \n\\x95\tAll EMC Documentum Content Server versions of 7.1 prior to P07\n\\x95\tAll EMC Documentum Content Server versions of 7.0\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP1\n\\x95\tAll EMC Documentum Content Server versions prior to 6.7 SP1\n \nSummary:  \nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \n\nDetails: \nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\n\n\\x95\tArbitrary Code Execution (CVE-2014-4618):\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. \nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\n\n\\x95\tDQL Injection (CVE-2014-2520):\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tInformation Disclosure (CVE-2014-2521):\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\n\tDTLS recursion flaw  (CVE-2014-0221)\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference  (CVE-2014-0198)\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n\tAnonymous ECDH denial of service (CVE-2014-3470)\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt   \n\nResolution: \nThe following versions contain the resolution for these issues: \n\\x95\tEMC Documentum Content Server version 7.1 P07 and later\n\\x95\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\\x95\tEMC Documentum Content Server version 6.7 SP2 P16 and later\n\\x95\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. \n\nLink to remedies:\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\n\nFor Hotfix, contact EMC Support. \n\n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:0625-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0625.html\nIssue date:        2014-06-05\nCVE Names:         CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n                   CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB\npJJhdOUzRUL8R2haDM4xrsk=\n=hZF8\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \tUnvalidated Redirect Vulnerability (CVE-2015-0512)\n\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter. \n\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n2. To search for a particular CVE, use the NVD database\\x92s search utility at http://web.nvd.nist.gov/view/vuln/search\n\nResolution: \nThe following Unisphere Central release contains resolutions to the above issues:\n\\x95\tUnisphere Central version 4.0. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n  - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2010-5298\n      4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n      4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n    CVE-2014-0076\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2014-0195\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0198\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0221\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0224\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-3470\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-3566\n      3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0705\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary\n\n   VMware product updates address OpenSSL security vulnerabilities. Relevant Releases\n\n   ESXi 5.5 prior to ESXi550-201406401-SG\n\n\n3. Problem Description\n\n   a. \n \n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n      has assigned the names CVE-2014-0224, CVE-2014-0198, \n      CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n      these issues. The most important of these issues is \n      CVE-2014-0224. \n\n      CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n      be of moderate severity. Exploitation is highly unlikely or is\n      mitigated due to the application configuration. \n\n      CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n      Security Advisory (see Reference section below), do not affect\n      any VMware products. For readability\n      the affected products have been split into 3 tables below, \n      based on the different client-server configurations and\n      deployment scenarios. Applying these patches to \n      affected servers will mitigate the affected clients (See Table 1\n      below). can be mitigated by using a secure network such as \n      VPN (see Table 2 below). \n      \n      Clients and servers that are deployed on an isolated network are\n      less exposed to CVE-2014-0224 (see Table 3 below). The affected\n      products are typically deployed to communicate over the\n      management network. \n\n      RECOMMENDATIONS\n\n      VMware recommends customers evaluate and deploy patches for\n      affected Servers in Table 1 below as these patches become\n      available. Patching these servers will remove the ability to\n      exploit the vulnerability described in CVE-2014-0224 on both\n      clients and servers. VMware recommends customers consider \n      applying patches to products listed in Table 2 \u0026 3 as required. \n\n      Column 4 of the following tables lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      ESXi                            5.5       ESXi     ESXi550-\n                                                         201406401-SG \n\n      Big Data Extensions             1.1                patch pending \n      Charge Back Manager             2.6                patch pending \n\n      Horizon Workspace Server \n      GATEWAY                         1.8.1              patch pending \n      Horizon Workspace Server \n      GATEWAY                         1.5                patch pending \n\n      Horizon Workspace Server \n      DATA                            1.8.1              patch pending \n\n      Horizon Mirage Edge Gateway     4.4.2              patch pending \n      Horizon View                    5.3.1              patch pending \n\n      Horizon View Feature Pack       5.3 SP2            patch pending \n\n      NSX for Multi-Hypervisor        4.1.2              patch pending \n      NSX for Multi-Hypervisor        4.0.3              patch pending \n      NSX for vSphere                 6.0.4              patch pending \n      NVP                             3.2.2              patch pending \n      vCAC                            6.0.1              patch pending \n\n      vCloud Networking and Security  5.5.2 \t\t patch pending \n      vCloud Networking and Security  5.1.2 \t\t patch pending \n\n      vFabric Web Server              5.3.4              patch pending \n\n      vCHS - DPS-Data Protection      2.0                patch pending \n      Service\n\n      Table 2\n      ========\n      Affected clients running a vulnerable version of OpenSSL 0.9.8 \n      or 1.0.1 and communicating over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCSA                            5.5                patch pending \n      vCSA                            5.1                patch pending \n      vCSA                            5.0                patch pending \n\n\n      ESXi                            5.1       ESXi     patch pending \n      ESXi                            5.0       ESXi     patch pending  \n\n      Workstation                     10.0.2    any      patch pending \n      Workstation                     9.0.3     any      patch pending \n      Fusion                          6.x       OSX      patch pending \n      Fusion                          5.x       OSX      patch pending \n      Player                          10.0.2    any      patch pending \n      Player                          9.0.3     any      patch pending \n\n      Chargeback Manager              2.5.x              patch pending \n\n      Horizon Workspace Client for    1.8.1    OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.5      OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.8.1    Windows   patch pending \n      Windows       \n      Horizon Workspace Client for    1.5      Windows   patch pending \n\n      OVF Tool                        3.5.1              patch pending \n      OVF Tool                        3.0.1              patch pending \n\n      vCenter Operations Manager      5.8.1              patch pending \n\n      vCenter Support Assistant       5.5.0              patch pending \n      vCenter Support Assistant       5.5.1              patch pending \n      \n      vCD                             5.1.2              patch pending    \n      vCD                             5.1.3              patch pending \n      vCD                             5.5.1.1            patch pending \n      vCenter Site Recovery Manager   5.0.3.1            patch pending \n\n      Table 3\n      =======\n      The following table lists all affected clients running a\n      vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n      over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCenter Server                  5.5       any      patch pending\n      vCenter Server                  5.1       any      patch pending\n      vCenter Server                  5.0       any      patch pending\n\n      Update Manager                  5.5       Windows  patch pending\n      Update Manager                  5.1       Windows  patch pending\n      Update Manager                  5.0       Windows  patch pending \n\n      Config Manager (VCM)            5.6                patch pending \n\n      Horizon View Client             5.3.1              patch pending \n      Horizon View Client             4.x                patch pending\n      Horizon Workspace               1.8.1              patch pending \n      Horizon Workspace               1.5                patch pending     \n \n   \n      ITBM Standard                   1.0.1              patch pending \n      ITBM Standard                   1.0                patch pending \n   \n      Studio                          2.6.0.0            patch pending \n    \n      Usage Meter                     3.3                patch pending \n      vCenter Chargeback Manager      2.6                patch pending \n      vCenter Converter Standalone    5.5                patch pending \n      vCenter Converter Standalone    5.1                patch pending \n      vCD (VCHS)                      5.6.2              patch pending \n      \n      vCenter Site Recovery Manager   5.5.1              patch pending \n      vCenter Site Recovery Manager   5.1.1              patch pending\n\n      vFabric Application Director    5.2.0              patch pending \n      vFabric Application Director    5.0.0              patch pending \n      View Client                     5.3.1              patch pending \n      View Client                     4.x                patch pending\n      VIX API                         5.5                patch pending \n      VIX API                         1.12               patch pending \n      \n      vMA (Management Assistant)      5.1.0.1            patch pending     \n  \n\n      VMware Data Recovery            2.0.3              patch pending \n     \n      VMware vSphere CLI              5.5                patch pending \n     \n      vSphere Replication             5.5.1              patch pending \n      vSphere Replication             5.6                patch pending \n      vSphere SDK for Perl            5.5                patch pending \n      vSphere Storage Appliance       5.5.1              patch pending \n      vSphere Storage Appliance       5.1.3              patch pending \n      vSphere Support Assistant       5.5.1              patch pending \n      vSphere Support Assistant       5.5.0              patch pending\n      vSphere Virtual Disk            5.5                patch pending \n      Development Kit                  \n      vSphere Virtual Disk            5.1                patch pending \n      Development Kit\n      vSphere Virtual Disk            5.0                patch pending \n      Development Kit\n \n   4. Solution\n\n   ESXi 5.5\n   ----------------------------\n\n   Download:\n   https://www.vmware.com/patchmgr/download.portal\n\n   Release Notes and Remediation Instructions:\n   http://kb.vmware.com/kb/2077359\n\n   5. Change Log\n\n   2014-06-10 VMSA-2014-0006\n   Initial security advisory in conjunction with the release of\n   ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue.  This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue.  This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team.  This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  The fix was developed by\nMatt Caswell of the OpenSSL development team. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue.  This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger.  This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit\n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. ============================================================================\nUbuntu Security Notice USN-2192-1\nMay 05, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it received specially crafted network\ntraffic. \n(CVE-2010-5298)\n\nIt was discovered that OpenSSL incorrectly handled memory in the\ndo_ssl3_write() function. \n(CVE-2014-0198)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.1\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.3\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.8\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.13\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      },
      {
        "db": "BID",
        "id": "66801"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "126927"
      },
      {
        "db": "PACKETSTORM",
        "id": "130188"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126481"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-5298",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "66801",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/04/13/1",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.4
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10643",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "MCAFEE",
        "id": "SB10071",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-5298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127923",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127807",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126927",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130188",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140720",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127326",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128001",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126481",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126930",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "db": "BID",
        "id": "66801"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "126927"
      },
      {
        "db": "PACKETSTORM",
        "id": "130188"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126481"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "id": "VAR-201404-0008",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.416493127826087
  },
  "last_update_date": "2024-07-23T20:53:19.246000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2192-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2908-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=438bf64e25a46a5ac11098b5720d1bb6"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b6140bb563b66b3bcd98992e854bf3"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0076",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1fc1fc75c3cab4aa04eb437a09a1da4f"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.4,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.4,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 1.4,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 1.1,
        "url": "http://openwall.com/lists/oss-security/2014/04/13/1"
      },
      {
        "trust": 1.1,
        "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.5/common/004_openssl.patch.sig"
      },
      {
        "trust": 1.1,
        "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse"
      },
      {
        "trust": 1.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3265\u0026user=guest\u0026pass=guest"
      },
      {
        "trust": 1.1,
        "url": "http://www.openbsd.org/errata55.html#004_openssl"
      },
      {
        "trust": 1.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=2167\u0026user=guest\u0026pass=guest"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66801"
      },
      {
        "trust": 1.1,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.1,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:090"
      },
      {
        "trust": 1.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 1.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0187.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.4,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2014/q2/102"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:09.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15328.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/articles/904433"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2192-1/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2520"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/downloads/2732_documentum-server"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2521"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/solutions/905793"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/search"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1798"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/products/28224_unisphere-central"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0311"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1792"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0349"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0268"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0913"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/home.cfm."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1772"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2077359"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/patchmgr/download.portal"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.13"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.8"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2192-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/solutions/906703"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "db": "BID",
        "id": "66801"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "126927"
      },
      {
        "db": "PACKETSTORM",
        "id": "130188"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126481"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "db": "BID",
        "id": "66801"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "126927"
      },
      {
        "db": "PACKETSTORM",
        "id": "130188"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126481"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "date": "2014-04-13T00:00:00",
        "db": "BID",
        "id": "66801"
      },
      {
        "date": "2014-07-06T18:53:39",
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "date": "2014-08-19T16:52:04",
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "date": "2014-08-08T21:53:16",
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "date": "2014-06-05T15:17:27",
        "db": "PACKETSTORM",
        "id": "126927"
      },
      {
        "date": "2015-01-30T22:43:20",
        "db": "PACKETSTORM",
        "id": "130188"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2017-01-25T21:54:44",
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "date": "2014-07-02T21:43:37",
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "date": "2014-06-11T23:18:46",
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "date": "2014-06-05T21:13:52",
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "date": "2014-08-26T11:11:00",
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "date": "2014-05-05T17:16:01",
        "db": "PACKETSTORM",
        "id": "126481"
      },
      {
        "date": "2014-06-05T15:19:35",
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "date": "2014-04-14T22:38:08.590000",
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-5298"
      },
      {
        "date": "2017-05-23T16:24:00",
        "db": "BID",
        "id": "66801"
      },
      {
        "date": "2022-08-29T20:53:02.917000",
        "db": "NVD",
        "id": "CVE-2010-5298"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "66801"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u0027ssl3_release_read_buffer()\u0027 Use-After-Free Memory Corruption Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "66801"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "66801"
      }
    ],
    "trust": 0.3
  }
}

var-201606-0477
Vulnerability from variot

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

  • It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)

  • A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)

  • Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a

Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a

Of the 16 released vulnerabilities: Fourteen track issues that could result in a denial of service (DoS) condition One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system

Five of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat. Solution:

The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

6

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0477",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.16"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "linux enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.47"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "linux enterprise module for web scripting",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.11"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0x"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zh",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8."
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tealeaf customer experience on cloud network capture add-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "16.1.01"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "storediq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.6.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.5.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.14"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.21"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "api connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise live data server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "telepresence system tx9000",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-37"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-32"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "small business series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "one portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "nexus intercloud for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "configuration professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "broadband access center telco and wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "series stackable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.9"
      },
      {
        "model": "ssl visibility 3.8.4fc",
        "scope": null,
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": null
      },
      {
        "model": "policycenter s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.6"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.5"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.4"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.3"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.7"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.5"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.7.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.15"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "bigfix remote control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.16",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.47",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-2178",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-2178",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-2178",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2178",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2178",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. OpenSSL is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. \n(CVE-2016-2179)\n\n* A flaw was found in the Datagram TLS (DTLS) replay protection\nimplementation in OpenSSL. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. An attacker able to make an application using OpenSSL to process\na large BIGNUM could cause the application to crash or, possibly, execute\narbitrary code. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. A remote attacker could use this\nflaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for\nsession tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. (CVE-2016-2180)\n\n* Multiple out of bounds read flaws were found in the way OpenSSL handled\ncertain TLS/SSL protocol handshake messages. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream\nacknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter\nof CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and\nGaA\u003c\u003ctan Leurent (Inria) as the original reporters of CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a\n\nSubsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a\n\nOf the 16 released vulnerabilities:\n    Fourteen track issues that could result in a denial of service (DoS) condition\n    One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality\n    One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system\n\nFive of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. \n\nThis release includes bug fixes as well as a new release of OpenSSL. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. After installing the updated\npackages, the httpd daemon will be restarted automatically. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "BID",
        "id": "91081"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138889"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2178",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "91081",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/6",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/7",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/5",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/09/8",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/2",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/12",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/8",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/11",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/09/2",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/10",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/4",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036054",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2178",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143176",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138889",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "BID",
        "id": "91081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138889"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "id": "VAR-201606-0477",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4102494200000001
  },
  "last_update_date": "2024-07-23T19:37:05.973000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "HPSBGN03658",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Security updates for all active release lines, September 2016",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "title": "Fix DSA, preserve BN_FLG_CONSTTIME",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
      },
      {
        "title": "SUSE-SU-2016:2470",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Bug 1343400",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "TLSA-2016-17",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-17j.html"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2178",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2178"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2178"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2178 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.2,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2017:1658"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91081"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036054"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:0194"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:0193"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k53084033"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=399944622df7bd81af62e67ea967c470534090e2"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2178"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2178"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://eprint.iacr.org/2016/594"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8610"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:1659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "BID",
        "id": "91081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138889"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "db": "BID",
        "id": "91081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138889"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "date": "2016-06-08T00:00:00",
        "db": "BID",
        "id": "91081"
      },
      {
        "date": "2016-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2017-06-28T22:12:00",
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "date": "2016-09-28T23:24:00",
        "db": "PACKETSTORM",
        "id": "138889"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2017-06-28T22:37:00",
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2016-06-20T01:59:03.023000",
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2178"
      },
      {
        "date": "2018-02-05T14:00:00",
        "db": "BID",
        "id": "91081"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      },
      {
        "date": "2023-11-07T02:31:01.430000",
        "db": "NVD",
        "id": "CVE-2016-2178"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "91081"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/dsa/dsa_ossl.c of  dsa_sign_setup In function  DSA Vulnerability to obtain a private key",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003305"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "91081"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0211
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771 Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01 Last Updated: 2007-08-01

Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows.

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

PRODUCT SPECIFIC INFORMATION

HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0211",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0211",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-04-30T19:15:10.457000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201201-0170
Vulnerability from variot

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions.

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "server/[PROFILE]/deploy/" directory, along with all other customized configuration files.

All users of JBoss Enterprise Application Platform 5.1.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: rhev-hypervisor5 security and bug fix update Advisory ID: RHSA-2012:0168-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html Issue date: 2012-02-21 CVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0029 CVE-2012-0207 =====================================================================

  1. Summary:

An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

RHEV Hypervisor for RHEL-5 - noarch

  1. Description:

The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode.

  1. Package List:

RHEV Hypervisor for RHEL-5:

noarch: rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-4109.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://www.redhat.com/security/data/cve/CVE-2012-0029.html https://www.redhat.com/security/data/cve/CVE-2012-0207.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN bzF952CZ/r5T3LUF9kY6X8c= =IdNq -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-12:01.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2012-05-03 Credits: Adam Langley, George Kadianakis, Ben Laurie, Ivan Nestlerode, Tavis Ormandy Affects: All supported versions of FreeBSD. Corrected: 2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE) 2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE) 2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1) 2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9) 2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE) 2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1) CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. This could include sensitive contents of previously freed memory. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_bio and d2i_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]

III. Impact

Sensitive contents of the previously freed memory can be exposed when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue. [CVE-2011-4619]

The double-free, when an application performs X509 certificate policy checking, can lead to denial of service in that application. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can lead to a successful Bleichenbacher attack. Only users of PKCS #7 decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages. SSL/TLS applications are not affected. [CVE-2012-0884]

The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead to a potentially exploitable attack via buffer overflow. The SSL/TLS code in OpenSSL is not affected by this issue, nor are applications using the memory based ASN.1 functions. There are no applications in FreeBSD base system affected by this issue, though some 3rd party consumers of these functions might be vulnerable when processing untrusted ASN.1 data. [CVE-2012-2110]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0 security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1, and 9.0 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system as described in and reboot the system.

NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

CVS:

Branch Revision Path

RELENG_7 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.2 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.7 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2 RELENG_7_4 src/UPDATING 1.507.2.36.2.9 src/sys/conf/newvers.sh 1.72.2.18.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.1 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.1 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1 RELENG_8 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2 src/crypto/openssl/crypto/mem.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.5 src/crypto/openssl/ssl/ssl.h 1.2.2.2 src/crypto/openssl/ssl/s3_enc.c 1.2.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.2 RELENG_8_3 src/UPDATING 1.632.2.26.2.3 src/sys/conf/newvers.sh 1.83.2.15.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1 src/crypto/openssl/crypto/mem.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.9 src/sys/conf/newvers.sh 1.83.2.12.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1 src/crypto/openssl/crypto/mem.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.12 src/sys/conf/newvers.sh 1.83.2.10.2.13 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1 src/crypto/openssl/crypto/mem.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_enc.c 1.2.6.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1 RELENG_9 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1 src/crypto/openssl/crypto/mem.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.1 src/crypto/openssl/ssl/ssl_err.c 1.3.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.2.1 src/crypto/openssl/ssl/ssl.h 1.3.2.1 src/crypto/openssl/ssl/s3_enc.c 1.3.2.1 src/crypto/openssl/ssl/ssl3.h 1.3.2.1 RELENG_9_0 src/UPDATING 1.702.2.4.2.3 src/sys/conf/newvers.sh 1.95.2.4.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1 src/crypto/openssl/crypto/mem.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.1 src/crypto/openssl/ssl/ssl_err.c 1.3.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.4.1 src/crypto/openssl/ssl/ssl.h 1.3.4.1 src/crypto/openssl/ssl/s3_enc.c 1.3.4.1 src/crypto/openssl/ssl/ssl3.h 1.3.4.1

Subversion:

Branch/path Revision

stable/7/ r234954 releng/7.4/ r234954 stable/8/ r234954 releng/8.3/ r234954 releng/8.2/ r234954 releng/8.1/ r234954 stable/9/ r234954 releng/9.0/ r234954

VII. Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.

Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools

Details:

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2

Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2

Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8

Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15

After a standard system update you need to reboot your computer to make all the necessary changes. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack

  1. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386: openssl-0.9.8e-20.el5_7.1.i386.rpm openssl-0.9.8e-20.el5_7.1.i686.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm openssl-perl-0.9.8e-20.el5_7.1.i386.rpm

x86_64: openssl-0.9.8e-20.el5_7.1.i686.rpm openssl-0.9.8e-20.el5_7.1.x86_64.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- .

Release Date: 2012-01-19 Last Updated: 2012-01-19

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com

HP-UX Release / Depot Name

B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot

B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08s or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 19 January 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0170",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "109055"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2011-4109",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4109",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4109",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4109",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files. \n\nAll users of JBoss Enterprise Application Platform 5.1.2 for Solaris and\nMicrosoft Windows as provided from the Red Hat Customer Portal are advised\nto apply this update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rhev-hypervisor5 security and bug fix update\nAdvisory ID:       RHSA-2012:0168-01\nProduct:           Red Hat Enterprise Virtualization\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0168.html\nIssue date:        2012-02-21\nCVE Names:         CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 \n                   CVE-2012-0029 CVE-2012-0207 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor5 package that fixes several security issues and\nvarious bugs is now available. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. Description:\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. \n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with  nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. \n\n6. Package List:\n\nRHEV Hypervisor for RHEL-5:\n\nnoarch:\nrhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm\nrhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4109.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0029.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0207.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN\nbzF952CZ/r5T3LUF9kY6X8c=\n=IdNq\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-12:01.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2012-05-03\nCredits:        Adam Langley, George Kadianakis, Ben Laurie,\n                Ivan Nestlerode, Tavis Ormandy\nAffects:        All supported versions of FreeBSD. \nCorrected:      2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE)\n                2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7)\n                2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE)\n                2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1)\n                2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7)\n                2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9)\n                2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE)\n                2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1)\nCVE Name:       CVE-2011-4576, CVE-2011-4619, CVE-2011-4109,\n                CVE-2012-0884, CVE-2012-2110\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  This could include\nsensitive contents of previously freed memory. [CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using\nBleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding also known as the\nmillion message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\nfunctions, in OpenSSL contains multiple integer errors that can cause\nmemory corruption when parsing encoded ASN.1 data.  This error can occur\non systems that parse untrusted ASN.1 data, such as X.509 certificates\nor RSA public keys. [CVE-2012-2110]\n\nIII. Impact\n\nSensitive contents of the previously freed memory can be exposed\nwhen communicating with a SSL 3.0 peer.  However, FreeBSD OpenSSL\nversion does not support SSL_MODE_RELEASE_BUFFERS SSL mode and\ntherefore have a single write buffer per connection.  That write buffer\nis partially filled with non-sensitive, handshake data at the beginning\nof the connection and, thereafter, only records which are longer than\nany previously sent record leak any non-encrypted data.  This, combined\nwith the small number of bytes leaked per record, serves to limit to\nseverity of this issue. [CVE-2011-4619]\n\nThe double-free, when an application performs X509 certificate policy\nchecking, can lead to denial of service in that application. \n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can lead to a successful\nBleichenbacher attack.  Only users of PKCS #7 decryption operations are\naffected.  A successful attack needs on average 2^20 messages. In\npractice only automated systems will be affected as humans will not be\nwilling to process this many messages.  SSL/TLS applications are not\naffected. [CVE-2012-0884]\n\nThe vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead\nto a potentially exploitable attack via buffer overflow.  The SSL/TLS\ncode in OpenSSL is not affected by this issue, nor are applications\nusing the memory based ASN.1 functions.  There are no applications in\nFreeBSD base system affected by this issue, though some 3rd party\nconsumers of these functions might be vulnerable when processing\nuntrusted ASN.1 data.  [CVE-2012-2110]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE,\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0\nsecurity branch dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to FreeBSD 7.4, 8.3,\n8.2, 8.1, and 9.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system as described in\n\u003cURL: http://www.freebsd.org/handbook/makeworld.html\u003e and reboot the\nsystem. \n\nNOTE: Any third-party applications, including those installed from the\nFreeBSD ports collection, which are statically linked to libcrypto(3)\nshould be recompiled in order to use the corrected code. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or\n9.0-RELEASE on the i386 or amd64 platforms can be updated via the\nfreebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch                                                           Revision\n  Path\n- - -------------------------------------------------------------------------\nRELENG_7\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                 1.1.1.13.2.2\n  src/crypto/openssl/crypto/mem.c                             1.1.1.8.2.2\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                  1.1.1.1.2.2\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.1.1.2.2.2\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                   1.1.1.3.2.1\n  src/crypto/openssl/crypto/buffer/buffer.c                   1.1.1.4.2.2\n  src/crypto/openssl/ssl/ssl_err.c                           1.1.1.11.2.3\n  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.7\n  src/crypto/openssl/ssl/ssl.h                               1.1.1.16.2.3\n  src/crypto/openssl/ssl/s3_enc.c                            1.1.1.13.2.2\n  src/crypto/openssl/ssl/ssl3.h                               1.1.1.6.2.2\nRELENG_7_4\n  src/UPDATING                                             1.507.2.36.2.9\n  src/sys/conf/newvers.sh                                  1.72.2.18.2.12\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c             1.1.1.13.2.1.2.1\n  src/crypto/openssl/crypto/mem.c                         1.1.1.8.2.1.2.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c              1.1.1.1.2.1.2.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c             1.1.1.2.2.1.2.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.20.1\n  src/crypto/openssl/crypto/buffer/buffer.c               1.1.1.4.2.1.2.1\n  src/crypto/openssl/ssl/ssl_err.c                       1.1.1.11.2.2.2.1\n  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.17.2.5.2.1\n  src/crypto/openssl/ssl/ssl.h                           1.1.1.16.2.2.2.1\n  src/crypto/openssl/ssl/s3_enc.c                        1.1.1.13.2.1.2.1\n  src/crypto/openssl/ssl/ssl3.h                           1.1.1.6.2.1.2.1\nRELENG_8\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.10.2\n  src/crypto/openssl/crypto/mem.c                                 1.2.2.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.2.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.2.2.2\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.10.1\n  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.2.1\n  src/crypto/openssl/ssl/ssl_err.c                                1.2.2.2\n  src/crypto/openssl/ssl/s3_srvr.c                                1.3.2.5\n  src/crypto/openssl/ssl/ssl.h                                    1.2.2.2\n  src/crypto/openssl/ssl/s3_enc.c                                 1.2.2.2\n  src/crypto/openssl/ssl/ssl3.h                                   1.2.2.2\nRELENG_8_3\n  src/UPDATING                                             1.632.2.26.2.3\n  src/sys/conf/newvers.sh                                   1.83.2.15.2.5\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.4.1\n  src/crypto/openssl/crypto/mem.c                                1.2.14.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.14.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.6.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.26.1\n  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.14.1\n  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.6.1\n  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.4.2.1\n  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.6.1\n  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.4.1\n  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.6.1\nRELENG_8_2\n  src/UPDATING                                             1.632.2.19.2.9\n  src/sys/conf/newvers.sh                                  1.83.2.12.2.12\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.2.1\n  src/crypto/openssl/crypto/mem.c                                 1.2.8.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.8.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.4.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.18.1\n  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.8.1\n  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.4.1\n  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.3.2.1\n  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.4.1\n  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.2.1\n  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.4.1\nRELENG_8_1\n  src/UPDATING                                            1.632.2.14.2.12\n  src/sys/conf/newvers.sh                                  1.83.2.10.2.13\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.16.1\n  src/crypto/openssl/crypto/mem.c                                 1.2.6.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.6.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.2.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.16.1\n  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.6.1\n  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.2.1\n  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.2.2.1\n  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.2.1\n  src/crypto/openssl/ssl/s3_enc.c                                 1.2.6.1\n  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.2.1\nRELENG_9\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.2.1\n  src/crypto/openssl/crypto/mem.c                                1.2.10.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.10.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.2.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.22.1\n  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.10.1\n  src/crypto/openssl/ssl/ssl_err.c                                1.3.2.1\n  src/crypto/openssl/ssl/s3_srvr.c                                1.7.2.1\n  src/crypto/openssl/ssl/ssl.h                                    1.3.2.1\n  src/crypto/openssl/ssl/s3_enc.c                                 1.3.2.1\n  src/crypto/openssl/ssl/ssl3.h                                   1.3.2.1\nRELENG_9_0\n  src/UPDATING                                              1.702.2.4.2.3\n  src/sys/conf/newvers.sh                                    1.95.2.4.2.5\n  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.4.1\n  src/crypto/openssl/crypto/mem.c                                1.2.12.1\n  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.12.1\n  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.4.1\n  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.24.1\n  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.12.1\n  src/crypto/openssl/ssl/ssl_err.c                                1.3.4.1\n  src/crypto/openssl/ssl/s3_srvr.c                                1.7.4.1\n  src/crypto/openssl/ssl/ssl.h                                    1.3.4.1\n  src/crypto/openssl/ssl/s3_enc.c                                 1.3.4.1\n  src/crypto/openssl/ssl/ssl3.h                                   1.3.4.1\n- - -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path                                                      Revision\n- - -------------------------------------------------------------------------\nstable/7/                                                         r234954\nreleng/7.4/                                                       r234954\nstable/8/                                                         r234954\nreleng/8.3/                                                       r234954\nreleng/8.2/                                                       r234954\nreleng/8.1/                                                       r234954\nstable/9/                                                         r234954\nreleng/9.0/                                                       r234954\n- - -------------------------------------------------------------------------\n\nVII. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address\nCVE-2011-4108, the DTLS MAC check failure. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  libssl1.0.0                     1.0.0e-2ubuntu4.2\n  openssl                         1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n  libssl0.9.8                     0.9.8o-5ubuntu1.2\n  openssl                         0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n  libssl0.9.8                     0.9.8o-1ubuntu4.6\n  openssl                         0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.8\n  openssl                         0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n  libssl0.9.8                     0.9.8g-4ubuntu3.15\n  openssl                         0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm\n\ni386:\nopenssl-0.9.8e-20.el5_7.1.i386.rpm\nopenssl-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-perl-0.9.8e-20.el5_7.1.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-0.9.8e-20.el5_7.1.x86_64.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm\nopenssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm\n\nRHEL Desktop Workstation (v.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3210    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4109    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       9.3\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "112452"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109055"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "48528",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4109",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116824",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112452",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109055",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109073",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "112452"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109055"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "id": "VAR-201201-0170",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T21:46:58.960000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/07/29/us_voting_machines_hacking/"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b"
      },
      {
        "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 1.4,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48528"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2390"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html"
      },
      {
        "trust": 0.4,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1357-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=5.1.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-12:01/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2110"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-12:01.openssl.asc"
      },
      {
        "trust": 0.1,
        "url": "http://lists.openwall.net/full-disclosure/2012/04/19/4"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/secadv_20120419.txt"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-12:01/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0884"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/secadv_20120312.txt"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1357-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0060.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "112452"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109055"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "112452"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109055"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-09-25T00:15:05",
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "date": "2012-09-25T00:15:41",
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "date": "2012-02-21T15:34:06",
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "date": "2012-05-03T23:13:24",
        "db": "PACKETSTORM",
        "id": "112452"
      },
      {
        "date": "2012-02-10T07:44:13",
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "date": "2012-01-24T23:59:19",
        "db": "PACKETSTORM",
        "id": "109055"
      },
      {
        "date": "2012-01-17T01:20:23",
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "date": "2012-01-25T16:35:29",
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "date": "2012-01-06T01:55:00.830000",
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4109"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2017-08-29T01:30:27.507000",
        "db": "NVD",
        "id": "CVE-2011-4109"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  }
}

var-200208-0244
Vulnerability from variot

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. ***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2002-04

November 26, 2002

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.

Past CERT summaries are available from:

      CERT Summaries
      http://www.cert.org/summaries/

Recent Activity

Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key.

For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change. 

      CERT/CC Current Activity
      http://www.cert.org/current/current_activity.html


1. Reports received by the CERT/CC indicate
   that  the  Apache/mod_ssl  worm  has already infected thousands of
   systems.  Over  a  month  earlier,  the CERT/CC issued an advisory
   (CA-2002-23) describing four remotely exploitable buffer overflows
   in OpenSSL. Trojan Horse Sendmail Distribution

   The  CERT/CC  has  received  confirmation  that some copies of the
   source  code  for  the  Sendmail  package have been modified by an
   intruder  to  contain a Trojan horse. These copies began to appear
   in  downloads  from  the  FTP server ftp.sendmail.org on or around
   September  28,  2002.  On  October  8, 2002, the CERT/CC issued an
   advisory   (CA-2002-28)   describing  various  methods  to  verify
   software authenticity.

    CERT Advisory CA-2002-28
    Trojan Horse Sendmail Distribution
    http://www.cert.org/advisories/CA-2002-28.html


3. Trojan Horse tcpdump and libpcap Distributions

   The  CERT/CC  has  received reports that some copies of the source
   code  for  libpcap,  a  packet acquisition library, and tcpdump, a
   network  sniffer,  have been modified by an intruder and contain a
   Trojan  horse.  These  modified  distributions  began to appear in
   downloads  from  the  HTTP server www.tcpdump.org on or around Nov
   11,  2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
   checksums and official distribution sites for libpcap and tcpdump.

    CERT Advisory CA-2002-30
    Trojan Horse tcpdump and libpcap Distributions
    http://www.cert.org/advisories/CA-2002-30.html


4. Multiple Vulnerabilities in BIND

   The  CERT/CC  has documented multiple vulnerabilities in BIND, the
   popular  domain  name  server  and client library software package
   from  the  Internet  Software  Consortium  (ISC).  Several  vulnerabilities  are  referenced in the advisory;
   they are listed here individually.

    CERT Advisory CA-2002-31
    Multiple Vulnerabilities in BIND
    http://www.cert.org/advisories/CA-2002-31.html

    Vulnerability Note #852283
    Cached malformed SIG record buffer overflow
    http://www.kb.cert.org/vuls/id/852283

    Vulnerability Note #229595
    Overly large OPT record assertion
    http://www.kb.cert.org/vuls/id/229595

    Vulnerability Note #581682
    ISC Bind 8 fails to properly dereference cache SIG RR 
    elements invalid expiry times from the internal database
    http://www.kb.cert.org/vuls/id/581682

    Vulnerability Note #844360
    Domain Name System (DNS) stub resolver libraries  
    vulnerable to buffer overflows via network name or 
    address lookups
    http://www.kb.cert.org/vuls/id/844360

5. Heap  Overflow  Vulnerability  in Microsoft Data Access Components
   (MDAC)

   On  November  21, 2002 the CERT/CC issued an advisory (CA-2002-33)
   describing  a  vulnerability  in  MDAC,  a collection of Microsoft
   utilities and routines that process requests between databases and
   network applications.

       CERT Advisory CA-2002-33
       Heap Overflow Vulnerability in Microsoft Data Access 
       Components (MDAC)
       http://www.cert.org/advisories/CA-2002-33.html

New CERT/CC PGP Key

On September 19, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC. 

      CERT/CC PGP Public Key
      https://www.cert.org/pgp/cert_pgp_key.asc
      Sending Sensitive Information To The CERT/CC

      http://www.cert.org/contact_cert/encryptmail.html

What's New and Updated

Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Congressional Testimony http://www.cert.org/congressional_testimony/ * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Home User Security http://www.cert.org/homeusers/HomeComputerSecurity * Tech Tips http://www.cert.org/tech_tips/ * Training Schedule http:/www.cert.org/training/

This document is available from: http://www.cert.org/summaries/CS-2002-04.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. 

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information. 

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

  • "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Copyright \xa92002 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A 6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS ZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD OiZbNHX+eb8= =Mnbn -----END PGP SIGNATURE----- . OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.

Advisory 1

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.

  1. The client master key in SSL2 could be oversized and overrun a buffer. Exploit code is NOT available at this time.

  3. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

  4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.

Who is affected?

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.

A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.

Client should be disabled altogether until the patches are applied.

Known Exploits

There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657

Acknowledgements

The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.

Advisory 2

Vulnerabilities

The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.

Who is affected?

Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659

Acknowledgements

This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.

Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt

Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt

URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0244",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "trustix",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openldap",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "isc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "*"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnu glibc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "metasolv",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "the sco group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "xerox",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "engarde",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "the openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "covalent",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2.0.0"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9ias"
      },
      {
        "model": "database",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7.1"
      },
      {
        "model": "database",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "cobalt raq3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "internet express eak",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "1.2"
      },
      {
        "model": "linux affinity toolkit",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "linux rc3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "1.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "0.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "openssl for openvms alpha",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux rc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "1.4"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "enterprise ready server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "covalent",
        "version": "2.2"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "enterprise ready server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "covalent",
        "version": "2.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "netmail e",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "4.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.8.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "project openssl g",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.8.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "project openssl e",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "fast start server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "covalent",
        "version": "3.1"
      },
      {
        "model": "tru64 unix internet express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "openssl for openvms alpha -a",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "oracle9i application server",
        "scope": null,
        "trust": 0.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "5.9.2"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "linux a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "1.1"
      },
      {
        "model": "secure os software for linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux rc2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "1.4"
      },
      {
        "model": "mgetty-sendfax-1.1.14-8.i386.rpm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redhat",
        "version": "2.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "gentoo",
        "version": "0.5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.19"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.35"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.1"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.39"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.32"
      },
      {
        "model": "-dev",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.7"
      },
      {
        "model": "bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0.1"
      },
      {
        "model": "-beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.32"
      },
      {
        "model": "bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.2"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.22"
      },
      {
        "model": "ssl-r6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.18"
      },
      {
        "model": "bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.1"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.9"
      },
      {
        "model": "safeword premieraccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "securecomputing",
        "version": "3.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.16"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.13"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.5"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.20"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.26"
      },
      {
        "model": "bsafe ssl-c me",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": null
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.25"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.37"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.14"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.2"
      },
      {
        "model": "bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.11"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.4"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0"
      },
      {
        "model": "bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.12"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.2"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.1"
      },
      {
        "model": "ssl-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.18"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.38"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.15"
      },
      {
        "model": "ssl-rx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.18"
      },
      {
        "model": "mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.14"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.24"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.28"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.40"
      },
      {
        "model": "bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.3"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.23"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "-beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.34"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.19"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.18"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.2.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.28"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.3"
      },
      {
        "model": "secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.3"
      },
      {
        "model": "-beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.28"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.36"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.6"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.17"
      },
      {
        "model": "ssl-r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sonicwall",
        "version": "4.0.18"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "jetdirect rev. u.23.99",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "88000"
      },
      {
        "model": "omniaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "2100"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1000"
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "security bsafe ssl-c me",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": null
      },
      {
        "model": "security bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.3"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "77000"
      },
      {
        "model": "rcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "77700"
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "computing safeword premieraccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0.1"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "66000"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.2"
      },
      {
        "model": "security bsafe ssl-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "2.1"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "78000"
      },
      {
        "model": "jetdirect rev. l.23.99",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jetdirect rev. u.22.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jetdirect rev. l.22.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A.L. Digital Ltd\nThe Bunker",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0656",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2002-0656",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-5047",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-0656",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#258555",
            "trust": 0.8,
            "value": "3.19"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#844360",
            "trust": 0.8,
            "value": "8.91"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#852283",
            "trust": 0.8,
            "value": "30.38"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#581682",
            "trust": 0.8,
            "value": "27.54"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#229595",
            "trust": 0.8,
            "value": "33.05"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#102795",
            "trust": 0.8,
            "value": "17.63"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200208-027",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5047",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2002-0656",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests.  Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected.  An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. \nThe issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. \n***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities.  There have been numerous reports of intrusions in Europe.  It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component.  Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2002-04\n\n   November 26, 2002\n\n   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n   Summary  to  draw  attention  to  the types of attacks reported to our\n   incident  response  team,  as  well  as  other noteworthy incident and\n   vulnerability information. The summary includes pointers to sources of\n   information for dealing with the problems. \n\n   Past CERT summaries are available from:\n\n          CERT Summaries\n          http://www.cert.org/summaries/\n   ______________________________________________________________________\n\nRecent Activity\n\n   Since the last regularly scheduled CERT summary, issued in August 2002\n   (CS-2002-03),   we   have   seen   trojan  horses  for  three  popular\n   distributions,  new  self-propagating malicious code (Apache/mod_ssl),\n   and  multiple  vulnerabilities  in BIND. In addition, we have issued a\n   new PGP Key. \n\n   For  more  current  information  on  activity  being  reported  to the\n   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current\n   Activity  page  is  a  regularly updated summary of the most frequent,\n   high-impact  types  of  security  incidents  and vulnerabilities being\n   reported  to the CERT/CC. The information on the Current Activity page\n   is reviewed and updated as reporting trends change. \n\n          CERT/CC Current Activity\n          http://www.cert.org/current/current_activity.html\n\n\n    1. Reports received by the CERT/CC indicate\n       that  the  Apache/mod_ssl  worm  has already infected thousands of\n       systems.  Over  a  month  earlier,  the CERT/CC issued an advisory\n       (CA-2002-23) describing four remotely exploitable buffer overflows\n       in OpenSSL. Trojan Horse Sendmail Distribution\n\n       The  CERT/CC  has  received  confirmation  that some copies of the\n       source  code  for  the  Sendmail  package have been modified by an\n       intruder  to  contain a Trojan horse. These copies began to appear\n       in  downloads  from  the  FTP server ftp.sendmail.org on or around\n       September  28,  2002.  On  October  8, 2002, the CERT/CC issued an\n       advisory   (CA-2002-28)   describing  various  methods  to  verify\n       software authenticity. \n\n\t\tCERT Advisory CA-2002-28\n\t\tTrojan Horse Sendmail Distribution\n\t\thttp://www.cert.org/advisories/CA-2002-28.html\n\n\n    3. Trojan Horse tcpdump and libpcap Distributions\n\n       The  CERT/CC  has  received reports that some copies of the source\n       code  for  libpcap,  a  packet acquisition library, and tcpdump, a\n       network  sniffer,  have been modified by an intruder and contain a\n       Trojan  horse.  These  modified  distributions  began to appear in\n       downloads  from  the  HTTP server www.tcpdump.org on or around Nov\n       11,  2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5\n       checksums and official distribution sites for libpcap and tcpdump. \n\n\t\tCERT Advisory CA-2002-30\n\t\tTrojan Horse tcpdump and libpcap Distributions\n\t\thttp://www.cert.org/advisories/CA-2002-30.html\n\n\n    4. Multiple Vulnerabilities in BIND\n\n       The  CERT/CC  has documented multiple vulnerabilities in BIND, the\n       popular  domain  name  server  and client library software package\n       from  the  Internet  Software  Consortium  (ISC).  Several  vulnerabilities  are  referenced in the advisory;\n       they are listed here individually. \n\n\t\tCERT Advisory CA-2002-31\n\t\tMultiple Vulnerabilities in BIND\n\t\thttp://www.cert.org/advisories/CA-2002-31.html\n\n\t\tVulnerability Note #852283\n\t\tCached malformed SIG record buffer overflow\n\t\thttp://www.kb.cert.org/vuls/id/852283\n\n\t\tVulnerability Note #229595\n\t\tOverly large OPT record assertion\n\t\thttp://www.kb.cert.org/vuls/id/229595\n\n\t\tVulnerability Note #581682\n\t\tISC Bind 8 fails to properly dereference cache SIG RR \n\t\telements invalid expiry times from the internal database\n\t\thttp://www.kb.cert.org/vuls/id/581682\n\n\t\tVulnerability Note #844360\n\t\tDomain Name System (DNS) stub resolver libraries  \n\t\tvulnerable to buffer overflows via network name or \n\t\taddress lookups\n\t\thttp://www.kb.cert.org/vuls/id/844360\n\n    5. Heap  Overflow  Vulnerability  in Microsoft Data Access Components\n       (MDAC)\n\n       On  November  21, 2002 the CERT/CC issued an advisory (CA-2002-33)\n       describing  a  vulnerability  in  MDAC,  a collection of Microsoft\n       utilities and routines that process requests between databases and\n       network applications. \n\n\t       CERT Advisory CA-2002-33\n\t       Heap Overflow Vulnerability in Microsoft Data Access \n\t       Components (MDAC)\n\t       http://www.cert.org/advisories/CA-2002-33.html\n   ______________________________________________________________________\n\nNew CERT/CC PGP Key\n\n   On  September  19,  the  CERT/CC issued a new PGP key, which should be\n   used when sending sensitive information to the CERT/CC. \n\n          CERT/CC PGP Public Key\n          https://www.cert.org/pgp/cert_pgp_key.asc\n          Sending Sensitive Information To The CERT/CC\n\n          http://www.cert.org/contact_cert/encryptmail.html\n   ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n   Since the last CERT Summary, we have published new and updated\n     * Advisories\n       http://www.cert.org/advisories/\n     * Congressional Testimony\n       http://www.cert.org/congressional_testimony/\n     * CERT/CC Statistics\n       http://www.cert.org/stats/cert_stats.html\n     * Home User Security\n       http://www.cert.org/homeusers/HomeComputerSecurity\n     * Tech Tips\n       http://www.cert.org/tech_tips/\n     * Training Schedule\n       http:/www.cert.org/training/\n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/summaries/CS-2002-04.html\n   ______________________________________________________________________\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\n    Using encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\n    Getting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright \\xa92002 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A\n6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS\nZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD\nOiZbNHX+eb8=\n=Mnbn\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\n1. The client master key in SSL2 could be oversized and overrun a\n    buffer. Exploit code is\n    NOT available at this time. \n\n2. \n\n3. This issues only affects OpenSSL\n    0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. Various buffers for ASCII representations of integers were too\n    small on 64 bit platforms. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "PACKETSTORM",
        "id": "30532"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      }
    ],
    "trust": 6.84
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5047",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40347",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2002-0656",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "5362",
        "trust": 3.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#258555",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "5363",
        "trust": 1.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40347",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75494",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75495",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "30532",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169647",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "PACKETSTORM",
        "id": "30532"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "id": "VAR-200208-0244",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      }
    ],
    "trust": 0.38947368000000004
  },
  "last_update_date": "2023-12-18T11:36:12Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX0209-217",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1041818851527+28353475\u0026amp;docid=hpsbux0209-217"
      },
      {
        "title": "HPSBUX0209-217",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0209-217.html"
      },
      {
        "title": "secadv_20020730",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20020730.txt"
      },
      {
        "title": "#37",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
      },
      {
        "title": "RHSA-2002:155",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2002-155.html"
      },
      {
        "title": "46424",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
      },
      {
        "title": "RHSA-2002:155",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-155j.html"
      },
      {
        "title": "Debian Security Advisories: DSA-136-1 openssl -- multiple remote exploits",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8ab1654e85c2f0d32d45eef6fce839f1"
      },
      {
        "title": "LinuxFlaw",
        "trust": 0.1,
        "url": "https://github.com/mudongliang/linuxflaw "
      },
      {
        "title": "cve-",
        "trust": 0.1,
        "url": "https://github.com/oneoy/cve- "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.securityfocus.com/bid/5362"
      },
      {
        "trust": 2.4,
        "url": "http://www.isc.org/products/bind/bind-security.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.kb.cert.org/vuls/id/102795"
      },
      {
        "trust": 2.1,
        "url": "http://www.cert.org/advisories/ca-2002-23.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.kb.cert.org/vuls/id/258555"
      },
      {
        "trust": 1.6,
        "url": "about vulnerability notes"
      },
      {
        "trust": 1.6,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 1.6,
        "url": "provide a vendor statement"
      },
      {
        "trust": 1.6,
        "url": "http://bvlive01.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21469"
      },
      {
        "trust": 1.6,
        "url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/5363"
      },
      {
        "trust": 1.2,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
      },
      {
        "trust": 1.2,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
      },
      {
        "trust": 1.2,
        "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
      },
      {
        "trust": 1.2,
        "url": "http://www.iss.net/security_center/static/9714.php"
      },
      {
        "trust": 1.2,
        "url": "http://www.iss.net/security_center/static/9716.php"
      },
      {
        "trust": 1.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
      },
      {
        "trust": 0.9,
        "url": "http://www.cert.org/advisories/ca-2002-27.html"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.isc.org/products/bind/patches/bind4910.diff"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0656"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/20020731openssl.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2002-27"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2002-23"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0656"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
      },
      {
        "trust": 0.6,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
      },
      {
        "trust": 0.6,
        "url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl_products_security_bulletin_aug_8_2002.pdf"
      },
      {
        "trust": 0.6,
        "url": "http://docs.info.apple.com/article.html?artnum=120139"
      },
      {
        "trust": 0.6,
        "url": "http://docs.info.apple.com/article.html?artnum=120141"
      },
      {
        "trust": 0.4,
        "url": "http://www.openssl.org/news/secadv_20020730.txt"
      },
      {
        "trust": 0.3,
        "url": "http://support.coresecurity.com/impact/exploits/b4bc2930d33dc6d98cf1c6c819f241e1.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.sonicwall.com/support/security_advisories/security_advisory-openssl.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.hp.com/cposupport/networking/support_doc/bpj05999.html#p26_2431"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/securitypatch"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-malformed-client-key-bof"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/40347/"
      },
      {
        "trust": 0.1,
        "url": "https://www.tcpdump.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/summaries/cs-2002-04.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/homeusers/homecomputersecurity"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/852283"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/581682"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/summaries/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/844360"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/stats/cert_stats.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/congressional_testimony/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2002-31.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/current/current_activity.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/229595"
      },
      {
        "trust": 0.1,
        "url": "https://www.cert.org/training/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/contact_cert/encryptmail.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/cert_pgp.key"
      },
      {
        "trust": 0.1,
        "url": "https://www.cert.org/pgp/cert_pgp_key.asc"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2002-30.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/tech_tips/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2002-33.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/advisories/ca-2002-28.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.neohapsis.com/)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
      },
      {
        "trust": 0.1,
        "url": "http://www.thebunker.net/)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "PACKETSTORM",
        "id": "30532"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "db": "PACKETSTORM",
        "id": "30532"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "date": "2002-11-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "date": "2002-11-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "date": "2002-11-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "date": "2002-11-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "BID",
        "id": "5363"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "BID",
        "id": "5362"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "date": "2002-11-30T11:13:52",
        "db": "PACKETSTORM",
        "id": "30532"
      },
      {
        "date": "2002-07-30T12:12:12",
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "date": "2002-08-12T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#258555"
      },
      {
        "date": "2003-04-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#844360"
      },
      {
        "date": "2004-10-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852283"
      },
      {
        "date": "2003-02-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#581682"
      },
      {
        "date": "2003-05-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#229595"
      },
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#102795"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5047"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2002-0656"
      },
      {
        "date": "2007-12-20T17:11:00",
        "db": "BID",
        "id": "5363"
      },
      {
        "date": "2007-11-15T00:40:00",
        "db": "BID",
        "id": "5362"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000172"
      },
      {
        "date": "2008-09-10T19:12:40.070000",
        "db": "NVD",
        "id": "CVE-2002-0656"
      },
      {
        "date": "2006-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL clients contain a buffer overflow during the SSL3 handshake process",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#258555"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5363"
      },
      {
        "db": "BID",
        "id": "5362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-027"
      }
    ],
    "trust": 1.2
  }
}

var-201609-0349
Vulnerability from variot

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. OpenSSL version 1.1.0 is vulnerable.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0349",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience on cloud network capture add-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "16.1.01"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6305",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6305",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6305",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6305",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-594",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6305",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nOpenSSL version 1.1.0 is vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "BID",
        "id": "93149"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6305",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "93149",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036879",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6305",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "BID",
        "id": "93149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "id": "VAR-201609-0349",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-25T21:44:27.109000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "OpenSSL 1.1.0 hangs (CPU pegged) when SSL_peek is used with TLSv1 #1563",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/issues/1563"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.1.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html"
      },
      {
        "title": "Fix a hang with SSL_peek()",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9"
      },
      {
        "title": "SSL_peek() hang on empty record (CVE-2016-6305)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64372"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/09/23/openssl_swats_a_dozen_bugs_one_notable_nasty/"
      },
      {
        "title": "Red Hat: CVE-2016-6305",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6305"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "hackerone-publicy-disclosed",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/93149"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/issues/1563"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036879"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=63658103d4441924f8dbfc517b99bb54758a98b9"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6305"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6305"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "BID",
        "id": "93149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "db": "BID",
        "id": "93149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "date": "2016-09-22T00:00:00",
        "db": "BID",
        "id": "93149"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-26T19:59:01.597000",
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6305"
      },
      {
        "date": "2017-05-02T01:06:00",
        "db": "BID",
        "id": "93149"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      },
      {
        "date": "2023-11-07T02:33:57.163000",
        "db": "NVD",
        "id": "CVE-2016-6305"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  record/rec_layer_s3.c of  ssl3_read_bytes Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004991"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-594"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0275
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. (CVE-2006-4343)

Updated packages are patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0275",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0275",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-16T21:14:55.754000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-201512-0484
Vulnerability from variot

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications.

OpenSSL's handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================

  1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64

  1. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

  • A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. (CVE-2015-3195)

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

  1. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34

  1. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:

Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm

noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm

ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm

x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:

apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team

AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path

Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB

Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher

dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB

FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659

Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero

IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash

IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad

IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox

NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero

OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys

OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys

OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195

Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG

Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca

Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab

Tcl Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš

TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171

OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .

The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat.

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

  1. 5 client) - i386, x86_64

  2. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-3194

Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack.

CVE-2015-3196

A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0484",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "life sciences data hub",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.3.0"
      },
      {
        "model": "1.0.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vm server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zh"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "integrated lights out manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 to  10.11.3"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.10 and earlier"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.28 and earlier"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "40g 10g 72/64 ethernet switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "\u003c0.9.8zh",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "1.0.2",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0i"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.14",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.36",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.4",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8zh",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0t",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1q",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2e",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-3195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07950",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-81156",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3195",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07950",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-075",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81156",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. \n\nOpenSSL\u0027s handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7\nAdvisory ID:       RHSA-2016:2054-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2054.html\nIssue date:        2016-10-12\nCVE Names:         CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n                   CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n                   CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.10 natives, fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the update\nto take effect. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:\n\nSource:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm\nhttpd22-2.2.26-56.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm\nmod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm\n\nnoarch:\njbcs-httpd24-1-3.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\n\nppc64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhttpd22-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\n\nx86_64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhttpd22-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0\nn7n6E5uqbAY0W1AG5Z+9yy8=\n=6ET2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription:  A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to cause a denial of service\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription:  A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription:  An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription:  Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a tel link can make a call without prompting the\nuser\nDescription:  A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to check for the existence of\narbitrary files\nDescription:  A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-3194\n\n    Loic Jonas Etienne of Qnective AG discovered that the signature\n    verification routines will crash with a NULL pointer dereference if\n    presented with an ASN.1 signature using the RSA PSS algorithm and\n    absent mask generation function parameter. A remote attacker can\n    exploit this flaw to crash any certificate verification operation\n    and mount a denial of service attack. \n\nCVE-2015-3196\n\n    A race condition flaw in the handling of PSK identify hints was\n    discovered, potentially leading to a double free of the identify\n    hint data. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195",
        "trust": 4.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "78626",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.8
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "134783",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139114",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "id": "VAR-201512-0484",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:40:42.235000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206167"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206167"
      },
      {
        "title": "HPSBMU03590",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "OpenSSL 0.9.8 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-0.9.8-notes.html"
      },
      {
        "title": "Fix leak with ASN.1 combine.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "title": "X509_ATTRIBUTE memory leak (CVE-2015-3195)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2015-20",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-20j.html"
      },
      {
        "title": "Patch for OpenSSL X509_ATTRIBUTE Structure Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67698"
      },
      {
        "title": "OpenSSL ASN1_TFLG_COMBINE Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58937"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152616 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3195"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 1.9,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2616.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/78626"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10733"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382583417444\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.754583"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2616"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206171"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-10-12T20:16:45",
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "date": "2016-03-22T15:18:02",
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-14T16:40:07",
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2015-12-06T20:59:05.973000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2023-11-07T02:25:31.687000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/asn1/tasn_dec.c of  ASN1_TFLG_COMBINE Vulnerability in the implementation of critical information obtained from process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0595
Vulnerability from variot

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. ( Out-of-bounds writes and application crashes ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

  1. OpenSSL Security Advisory [22 Sep 2016]

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0595",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "icewall federation agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "icewall federation agent",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "certd"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw"
      },
      {
        "model": "icewall sso agent option",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "application server for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard-r"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base(64)"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "pixel xl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "pixel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7(2013)"
      },
      {
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.3,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5x"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.1.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-2182",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-2182",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-2182",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2182",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2182",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. ( Out-of-bounds writes and application crashes ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "BID",
        "id": "92557"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2182",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "92557",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10171",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036688",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1037968",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "BID",
        "id": "92557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "id": "VAR-201609-0595",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.39427244733333333
  },
  "last_update_date": "2024-07-23T22:06:46.651000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "hitachi-sec-2017-102",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html"
      },
      {
        "title": "HPSBGN03658",
        "trust": 0.8,
        "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "SB10171",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Check for errors in BN_bn2dec()",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "TLSA-2016-28",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html"
      },
      {
        "title": "hitachi-sec-2017-102",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2182",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2182"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2182"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014March 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=65d776aaa82a91341631d2aa61736067"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "hackerone-publicy-disclosed",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.4,
        "url": "https://source.android.com/security/bulletin/2017-03-01.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/92557"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037968"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036688"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.1,
        "url": "https://source.android.com/security/bulletin/2017-03-01"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k01276005"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2182"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2182"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48600"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "BID",
        "id": "92557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "db": "BID",
        "id": "92557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "date": "2016-08-16T00:00:00",
        "db": "BID",
        "id": "92557"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2018-07-12T21:45:18",
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "date": "2018-07-12T21:48:57",
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-16T05:59:02.627000",
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2182"
      },
      {
        "date": "2018-02-05T15:00:00",
        "db": "BID",
        "id": "92557"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      },
      {
        "date": "2023-11-07T02:31:01.797000",
        "db": "NVD",
        "id": "CVE-2016-2182"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 0.5
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/bn/bn_print.c of  BN_bn2dec Service disruption in functionality  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004780"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "92557"
      }
    ],
    "trust": 0.3
  }
}

var-201410-1151
Vulnerability from variot

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded. ( Security fix ) patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded. For more information, see: https://www.openssl.org/news/secadv_20141015.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz 8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz 21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz 5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz 2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz fedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz 6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz f7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz 40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz 0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: d07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz 1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz

Slackware -current packages: 53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz cc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz

Slackware x86_64 -current packages: 500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz c483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

OS X 10.10.2 and Security Update 2015-001 are now available and address the following:

AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine all the network addresses of the system Description: The AFP file server supported a command which returned all the network addresses of the system. This issue was addressed by removing the addresses from the result. CVE-ID CVE-2014-4426 : Craig Young of Tripwire VERT

bash Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary code Description: Multiple vulnerabilities existed in bash. These issues were addressed by updating bash to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer signedness error existed in IOBluetoothFamily which allowed manipulation of kernel memory. This issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-4497

Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory. The issue was addressed through additional input validation. CVE-ID CVE-2014-8836 : Ian Beer of Google Project Zero

Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege. The issues were addressed through additional input validation. CVE-ID CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze Networks

CFNetwork Cache Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460

CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program

CPU Software Available for: OS X Yosemite v10.10 and v10.10.1, for: MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), Mac Pro (Late 2013) Impact: A malicious Thunderbolt device may be able to affect firmware flashing Description: Thunderbolt devices could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2014-4498 : Trammell Hudson of Two Sigma Investments

CommerceKit Framework Available for: OS X Yosemite v10.10 and v10.10.1 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of App Store logs. The App Store process could log Apple ID credentials in the log when additional logging was enabled. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-4499 : Sten Petersen

CoreGraphics Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Some third-party applications with non-secure text entry and mouse events may log those events Description: Due to the combination of an uninitialized variable and an application's custom allocator, non-secure text entry and mouse events may have been logged. This issue was addressed by ensuring that logging is off by default. This issue did not affect systems prior to OS X Yosemite. CVE-ID CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard

CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PDF files. The issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-8816 : Mike Myers, of Digital Operatives LLC

CoreSymbolication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple type confusion issues existed in coresymbolicationd's handling of XPC messages. These issues were addressed through improved type checking. CVE-ID CVE-2014-8817 : Ian Beer of Google Project Zero

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .dfont files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4483 : Apple

Foundation Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the XML parser. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4485 : Apple

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in Intel graphics driver Description: Multiple vulnerabilities existed in the Intel graphics driver, the most serious of which may have led to arbitrary code execution with system privileges. This update addresses the issues through additional bounds checks. CVE-ID CVE-2014-8819 : Ian Beer of Google Project Zero CVE-2014-8820 : Ian Beer of Google Project Zero CVE-2014-8821 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOAcceleratorFamily's handling of certain IOService userclient types. This issue was addressed through improved validation of IOAcceleratorFamily contexts. CVE-ID CVE-2014-4486 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in IOHIDFamily. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-4487 : TaiG Jailbreak Team

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOHIDFamily's handling of resource queue metadata. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4488 : Apple

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of event queues. This issue was addressed through improved validation of IOHIDFamily event queue initialization. CVE-ID CVE-2014-4489 : @beist

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A bounds checking issue existed in a user client vended by the IOHIDFamily driver which allowed a malicious application to overwrite arbitrary portions of the kernel address space. The issue is addressed by removing the vulnerable user client method. CVE-ID CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative

IOKit Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero

IOUSBFamily Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A privileged application may be able to read arbitrary data from kernel memory Description: A memory access issue existed in the handling of IOUSB controller user client functions. This issue was addressed through improved argument validation. CVE-ID CVE-2014-8823 : Ian Beer of Google Project Zero

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Specifying a custom cache mode allowed writing to kernel read-only shared memory segments. This issue was addressed by not granting write permissions as a side-effect of some custom cache modes. CVE-ID CVE-2014-4495 : Ian Beer of Google Project Zero

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-8824 : @PanguTeam

Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local attacker can spoof directory service responses to the kernel, elevate privileges, or gain kernel execution Description: Issues existed in identitysvc validation of the directory service resolving process, flag handling, and error handling. This issue was addressed through improved validation. CVE-ID CVE-2014-8825 : Alex Radocea of CrowdStrike

Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local user may be able to determine kernel memory layout Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization. CVE-ID CVE-2014-4371 : Fermin J. Serna of the Google Security Team CVE-2014-4419 : Fermin J. Serna of the Google Security Team CVE-2014-4420 : Fermin J. Serna of the Google Security Team CVE-2014-4421 : Fermin J. Serna of the Google Security Team

Kernel Available for: OS X Mavericks v10.9.5 Impact: A person with a privileged network position may cause a denial of service Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking. CVE-ID CVE-2011-2391

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2014-4491 : @PanguTeam, Stefan Esser

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata. CVE-ID CVE-2014-4461 : @PanguTeam

LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious JAR file may bypass Gatekeeper checks Description: An issue existed in the handling of application launches which allowed certain malicious JAR files to bypass Gatekeeper checks. This issue was addressed through improved handling of file type metadata. CVE-ID CVE-2014-8826 : Hernan Ochoa of Amplia Security

libnetcore Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious, sandboxed app can compromise the networkd daemon Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. By sending networkd a maliciously formatted message, it may have been possible to execute arbitrary code as the networkd process. The issue is addressed through additional type checking. CVE-ID CVE-2014-4492 : Ian Beer of Google Project Zero

LoginWindow Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A Mac may not lock immediately upon wake Description: An issue existed in the rendering of the lock screen. This issue was address through improved screen rendering while locked. CVE-ID CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed testers

lukemftp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Using the command line ftp tool to fetch files from a malicious http server may lead to arbitrary code execution Description: A command injection issue existed in the handling of HTTP redirects. This issue was addressed through improved validation of special characters. CVE-ID CVE-2014-8517

OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one that may allow an attacker to downgrade connections to use weaker cipher-suites in applications using the library Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za. These issues were addressed by updating OpenSSL to version 0.9.8zc. CVE-ID CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

Sandbox Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A design issue existed in the caching of sandbox profiles which allowed sandboxed applications to gain write access to the cache. This issue was addressed by restricting write access to paths containing a "com.apple.sandbox" segment. This issue does not affect OS X Yosemite v10.10 or later. CVE-ID CVE-2014-8828 : Apple

SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: Multiple out of bounds write issues existed in SceneKit. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-8829 : Jose Duart of the Google Security Team

SceneKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted Collada file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to an unexpected application termination or arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team

Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A downloaded application signed with a revoked Developer ID certificate may pass Gatekeeper checks Description: An issue existed with how cached application certificate information was evaluated. This issue was addressed with cache logic improvements. CVE-ID CVE-2014-8838 : Apple

security_taskgate Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: An app may access keychain items belonging to other apps Description: An access control issue existed in the Keychain. Applications signed with self-signed or Developer ID certificates could access keychain items whose access control lists were based on keychain groups. This issue was addressed by validating the signing identity when granting access to keychain groups. CVE-ID CVE-2014-8831 : Apple

Spotlight Available for: OS X Yosemite v10.10 and v10.10.1 Impact: The sender of an email could determine the IP address of the recipient Description: Spotlight did not check the status of Mail's "Load remote content in messages" setting. This issue was addressed by improving configuration checking. CVE-ID CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of LastFriday.no

Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may save unexpected information to an external hard drive Description: An issue existed in Spotlight where memory contents may have been written to external hard drives when indexing. This issue was addressed with better memory management. CVE-ID CVE-2014-8832 : F-Secure

SpotlightIndex Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may display results for files not belonging to the user Description: A deserialization issue existed in Spotlight's handling of permission caches. A user performing a Spotlight query may have been shown search results referencing files for which they don't have sufficient privileges to read. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-8833 : David J Peacock, Independent Technology Consultant

sysmond Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A type confusion vulnerability existed in sysmond that allowed a local application to escalate privileges. The issue was addressed with improved type checking. CVE-ID CVE-2014-8835 : Ian Beer of Google Project Zero

UserAccountUpdater Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Printing-related preference files may contain sensitive information about PDF documents Description: OS X Yosemite v10.10 addressed an issue in the handling of password-protected PDF files created from the Print dialog where passwords may have been included in printing preference files. This update removes such extraneous information that may have been present in printing preference files. CVE-ID CVE-2014-8834 : Apple

Note: OS X Yosemite 10.10.2 includes the security content of Safari 8.0.3. For further details see https://support.apple.com/kb/HT204243

OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6 8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/ qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V 0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA 0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq nggZl3Sa+QhfaHSUqSJI =uAqk -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Release Date: 2015-03-16 Last Updated: 2015-05-20

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.

References:

CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101920 SSRT101921 SSRT101922 SSRT101894

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control impacted software components and versions

HP Insight Control 7.2, 7.3 and 7.4

HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2 v7.3.3 and v 7.4.0

HP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:

HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and v7.3.3 for Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3 for Linux HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows HP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and v7.4.0a for Linux

HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software updates to resolve these vulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1 Update kit applicable to HP Insight Control 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPICE

NOTE: Please read the readme.txt file before proceeding with the installation.

HP has addressed these vulnerabilities for the impacted software components bundled with HP Insight Control in the following HP Security Bulletins:

HP Insight Control software components HP Security Bulletin Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03261 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571454

HP System Management Homepage (SMH) HPSBMU03260 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571379

HP Version Control Agent (VCA) HPSBMU03262 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571956

Version Control Repository Manager (VCRM) HPSBMU03259 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04570627

HISTORY Version:1 (rev.1) - 16 March 2015 Initial release Version:2 (rev.2) - 14 April 2015 Incorrect version in Resolution Version:3 (rev.3) - 20 May 2015 Updated impacted versions

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2015-0001 Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues Issue date: 2015-01-27 Updated on: 2015-01-27 (Initial Advisory) CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044

         --- OPENSSL---
         CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568

         --- libxml2 ---
         CVE-2014-3660
  1. Summary

VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

  1. Relevant Releases

VMware Workstation 10.x prior to version 10.0.5

VMware Player 6.x prior to version 6.0.5

VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5

vCenter Server 5.5 prior to Update 2d

ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG

  1. Problem Description

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

  VMware ESXi, Workstation, Player and Fusion contain an arbitrary 
  file write issue. Exploitation this issue may allow for privilege
  escalation on the host.

  The vulnerability does not allow for privilege escalation from 
  the guest Operating System to the host or vice-versa. This means
  that host memory can not be manipulated from the Guest Operating
  System.

  Mitigation

  For ESXi to be affected, permissions must have been added to ESXi
  (or a vCenter Server managing it) for a virtual machine 
  administrator role or greater.

  VMware would like to thank Shanon Olsson for reporting this issue to
  us through JPCERT.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2014-8370 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       6.0.5

  ESXi           5.5        ESXi      ESXi550-201403102-SG
  ESXi           5.1        ESXi      ESXi510-201404101-SG 
  ESXi           5.0        ESXi      ESXi500-201405101-SG

b. VMware Workstation, Player, and Fusion Denial of Service vulnerability

  VMware Workstation, Player, and Fusion contain an input validation 
  issue in the Host Guest File System (HGFS). This issue may allow
  for a Denial of Service of the Guest Operating system.

  VMware would like to thank Peter Kamensky from Digital Security for 
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1043 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       7.0.1
  Fusion         6.x        any       6.0.5

c. VMware ESXi, Workstation, and Player Denial of Service vulnerability

  VMware ESXi, Workstation, and Player contain an input
  validation issue in VMware Authorization process (vmware-authd). 
  This issue may allow for a Denial of Service of the host. On 
  VMware ESXi and on Workstation running on Linux the Denial of
  Service would be partial.

  VMware would like to thank Dmitry Yudin @ret5et for reporting
  this issue to us through HP's Zero Day Initiative.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1044 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       not affected

  ESXi           5.5        ESXi      ESXi550-201501101-SG
  ESXi           5.1        ESXi      ESXi510-201410101-SG
  ESXi           5.0        ESXi      not affected

d. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-3513, CVE-2014-3567, 
  CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  vCenter Server 5.5        any       Update 2d*
  vCenter Server 5.1        any       patch pending
  vCenter Server 5.0        any       patch pending

  ESXi           5.5        ESXi      ESXi550-201501101-SG       
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

  * The VMware vCenter 5.5 SSO component will be 
    updated in a later release

e. Update to ESXi libxml2 package

  The libxml2 library is updated to version libxml2-2.7.6-17
  to resolve a security issue.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2014-3660 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  ESXi           5.5        ESXi      ESXi550-201501101-SG     
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending
  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workstation 10.x

https://www.vmware.com/go/downloadworkstation

VMware Player 6.x

https://www.vmware.com/go/downloadplayer

VMware Fusion 7.x and 6.x

https://www.vmware.com/go/downloadplayer

vCenter Server

Downloads and Documentation: https://www.vmware.com/go/download-vsphere

ESXi 5.5 Update 2d

File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

ESXi 5.5

File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG

ESXi 5.1

File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG

ESXi 5.0

File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

  1. Change log

2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27.

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2015 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8

wj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE c75UD0ctlJx5607JuLfnb6Y= =IxpT -----END PGP SIGNATURE----- . CVE-ID CVE-2015-0248 CVE-2015-0251

Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "7.0". Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567].

The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568].

III. Impact

A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]

By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].

An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]

IV. Workaround

No workaround is available. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 8.4, 9.1 and 9.2]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1151",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5820"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "mcp r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msr3000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sle client tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "r5203p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2"
      },
      {
        "model": "f5000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr1000 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "msr9xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.0"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r15xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "switch series r5319p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3610"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "msr1000 russian version r2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "a6600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "u200s and cs f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "f1000-a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6602 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "f1000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "msr93x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r1104",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1620"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "u200s and cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "f1000-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48000"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "msr50-g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "msr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "a6600 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9500e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "switch series r1118p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5830"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "sle client tools for x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "msr30 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "msr50-g2 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "msr1000 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000 f3210p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6800 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "msr3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5800"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "hi switch series r5501p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "secblade iii r3820p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "u200a and m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "msr20-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r1105",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1920"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "r11xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "si switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-48"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "9500e r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-s r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "a6600 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6602",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "msr30-16 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000-c r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "hsr6800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "msr50 g2 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sle client tools for s390x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "msr30-16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "msr30-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "switch series r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v2"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r15xx r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "msr4000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr50 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "msr30-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "msr50 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "switch series r6708p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7500"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4800"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "f1000-e r3181p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "msr9xx r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "4510g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r11xx r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "wx5002/5004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-16 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msr50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "f1000-a r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "hsr6602 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6800 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "4210g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "f5000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "msr20-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera cargo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "si switch series r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "r2507p34",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "f1000-s r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "msr20-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "secblade ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "msr20 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secblade fw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u200a and m f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "switch series (comware r1208p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zb",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Akamai Technologies",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3568",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3568",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3568",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    https://www.openssl.org/news/secadv_20141015.txt\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n44d336a121b39296f0e6bbeeb283dd2b  openssl-0.9.8zc-i486-1_slack13.0.txz\n8342cfb351e59ecf5ea6d8cba66f0040  openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n671f12535bdc10ab24388b713351aca2  openssl-0.9.8zc-x86_64-1_slack13.0.txz\n21e380284cdfab2fd15fffe2e0aed526  openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n64cb819f1e07522bd5d7ceedd0a9ab50  openssl-0.9.8zc-i486-1_slack13.1.txz\n5fe4e385b2251cfd7e8ae5963ec6cef1  openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n94feb6699d6f2cc7750a6b2e17ccaaa2  openssl-0.9.8zc-x86_64-1_slack13.1.txz\n2c17e4286509c29074ab0168367b851e  openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n4483d91c776c7e23c59246c4e0aa24aa  openssl-0.9.8zc-i486-1_slack13.37.txz\nfedd58eb19bc13c9dd88d947827a7370  openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n5d48ac1e9339efc35e304c7d48b2e762  openssl-0.9.8zc-x86_64-1_slack13.37.txz\n6f5e2b576259477c13f12cbed9be8804  openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n2b678160283bc696565dc8bd8b28c0eb  openssl-1.0.1j-i486-1_slack14.0.txz\nf7762615c990713e9e86d4da962f1022  openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n41010ca37d49b74e7d7dc3f1c6ddc57e  openssl-1.0.1j-x86_64-1_slack14.0.txz\n40dc6f3de217279d6140c1efcc0d45c8  openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n024ecea55e22e47f9fbb4b81a7b72a51  openssl-1.0.1j-i486-1_slack14.1.txz\n0a575668bb41ec4c2160800611f7f627  openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd07fe289f7998a584c2b0d9810a8b9aa  openssl-1.0.1j-x86_64-1_slack14.1.txz\n1ffc5d0c02b0c60cefa5cf9189bfc71d  openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n53c9f51a79460bbfc5dec5720317cd53  a/openssl-solibs-1.0.1j-i486-1.txz\ncc059aa63494f3b005a886c70bc3f5d6  n/openssl-1.0.1j-i486-1.txz\n\nSlackware x86_64 -current packages:\n500709555e652adcd84b4e02dfab4eeb  a/openssl-solibs-1.0.1j-x86_64-1.txz\nc483ca9c450fa90a901ac013276ccc53  n/openssl-1.0.1j-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001\n\nOS X 10.10.2 and Security Update 2015-001 are now available and\naddress the following:\n\nAFP Server\nAvailable for:  OS X Mavericks v10.9.5\nImpact:  A remote attacker may be able to determine all the network\naddresses of the system\nDescription:  The AFP file server supported a command which returned\nall the network addresses of the system. This issue was addressed by\nremoving the addresses from the result. \nCVE-ID\nCVE-2014-4426 : Craig Young of Tripwire VERT\n\nbash\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  Multiple vulnerabilities in bash, including one that may\nallow local attackers to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in bash. These issues\nwere addressed by updating bash to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nBluetooth\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer signedness error existed in\nIOBluetoothFamily which allowed manipulation of kernel memory. This\nissue was addressed through improved bounds checking. This issue does\nnot affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-4497\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An error existed in the Bluetooth driver that allowed a\nmalicious application to control the size of a write to kernel\nmemory. The issue was addressed through additional input validation. \nCVE-ID\nCVE-2014-8836 : Ian Beer of Google Project Zero\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple security issues existed in the Bluetooth\ndriver, allowing a malicious application to execute arbitrary code\nwith system privilege. The issues were addressed through additional\ninput validation. \nCVE-ID\nCVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCFNetwork Cache\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  Website cache may not be fully cleared after leaving private\nbrowsing\nDescription:  A privacy issue existed where browsing data could\nremain in the cache after leaving private browsing. This issue was\naddressed through a change in caching behavior. \nCVE-ID\nCVE-2014-4460\n\nCoreGraphics\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\niSIGHT Partners GVP Program\n\nCPU Software\nAvailable for:  OS X Yosemite v10.10 and v10.10.1,\nfor: MacBook Pro Retina, MacBook Air (Mid 2013 and later),\niMac (Late 2013 and later), Mac Pro (Late 2013)\nImpact:  A malicious Thunderbolt device may be able to affect\nfirmware flashing\nDescription:  Thunderbolt devices could modify the host firmware if\nconnected during an EFI update. This issue was addressed by not\nloading option ROMs during updates. \nCVE-ID\nCVE-2014-4498 : Trammell Hudson of Two Sigma Investments\n\nCommerceKit Framework\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  An attacker with access to a system may be able to recover\nApple ID credentials\nDescription:  An issue existed in the handling of App Store logs. The\nApp Store process could log Apple ID credentials in the log when\nadditional logging was enabled. This issue was addressed by\ndisallowing logging of credentials. \nCVE-ID\nCVE-2014-4499 : Sten Petersen\n\nCoreGraphics\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  Some third-party applications with non-secure text entry and\nmouse events may log those events\nDescription:  Due to the combination of an uninitialized variable and\nan application\u0027s custom allocator, non-secure text entry and mouse\nevents may have been logged. This issue was addressed by ensuring\nthat logging is off by default. This issue did not affect systems\nprior to OS X Yosemite. \nCVE-ID\nCVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard\n\nCoreGraphics\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nPDF files. The issue was addressed through improved bounds checking. \nThis issue does not affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-8816 : Mike Myers, of Digital Operatives LLC\n\nCoreSymbolication\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple type confusion issues existed in\ncoresymbolicationd\u0027s handling of XPC messages. These issues were\naddressed through improved type checking. \nCVE-ID\nCVE-2014-8817 : Ian Beer of Google Project Zero\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Processing a maliciously crafted .dfont file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.dfont files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4484 : Gaurav Baruah working with HP\u0027s Zero Day Initiative\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of font\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4483 : Apple\n\nFoundation\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Viewing a maliciously crafted XML file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the XML parser. This issue\nwas addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4485 : Apple\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Multiple vulnerabilities in Intel graphics driver\nDescription:  Multiple vulnerabilities existed in the Intel graphics\ndriver, the most serious of which may have led to arbitrary code\nexecution with system privileges. This update addresses the issues\nthrough additional bounds checks. \nCVE-ID\nCVE-2014-8819 : Ian Beer of Google Project Zero\nCVE-2014-8820 : Ian Beer of Google Project Zero\nCVE-2014-8821 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in\nIOAcceleratorFamily\u0027s handling of certain IOService userclient types. \nThis issue was addressed through improved validation of\nIOAcceleratorFamily contexts. \nCVE-ID\nCVE-2014-4486 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A buffer overflow existed in IOHIDFamily. This issue\nwas addressed with improved bounds checking. \nCVE-ID\nCVE-2014-4487 : TaiG Jailbreak Team\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in IOHIDFamily\u0027s handling of\nresource queue metadata. This issue was addressed through improved\nvalidation of metadata. \nCVE-ID\nCVE-2014-4488 : Apple\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of event queues. This issue was addressed through improved\nvalidation of IOHIDFamily event queue initialization. \nCVE-ID\nCVE-2014-4489 : @beist\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription:  A bounds checking issue existed in a user client vended\nby the IOHIDFamily driver which allowed a malicious application to\noverwrite arbitrary portions of the kernel address space. The issue\nis addressed by removing the vulnerable user client method. \nCVE-ID\nCVE-2014-8822 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\n\nIOKit\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nIOUSBFamily\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A privileged application may be able to read arbitrary data\nfrom kernel memory\nDescription:  A memory access issue existed in the handling of IOUSB\ncontroller user client functions. This issue was addressed through\nimproved argument validation. \nCVE-ID\nCVE-2014-8823 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Specifying a custom cache mode allowed writing to\nkernel read-only shared memory segments. This issue was addressed by\nnot granting write permissions as a side-effect of some custom cache\nmodes. \nCVE-ID\nCVE-2014-4495 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-8824 : @PanguTeam\n\nKernel\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A local attacker can spoof directory service responses to\nthe kernel, elevate privileges, or gain kernel execution\nDescription:  Issues existed in identitysvc validation of the\ndirectory service resolving process, flag handling, and error\nhandling. This issue was addressed through improved validation. \nCVE-ID\nCVE-2014-8825 : Alex Radocea of CrowdStrike\n\nKernel\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  Multiple uninitialized memory issues existed in the\nnetwork statistics interface, which led to the disclosure of kernel\nmemory content. This issue was addressed through additional memory\ninitialization. \nCVE-ID\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5\nImpact:  A person with a privileged network position may cause a\ndenial of service\nDescription:  A race condition issue existed in the handling of IPv6\npackets. This issue was addressed through improved lock state\nchecking. \nCVE-ID\nCVE-2011-2391\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription:  An information disclosure issue existed in the handling\nof APIs related to kernel extensions. Responses containing an\nOSBundleMachOHeaders key may have included kernel addresses, which\nmay aid in bypassing address space layout randomization protection. \nThis issue was addressed by unsliding the addresses before returning\nthem. \nCVE-ID\nCVE-2014-4491 : @PanguTeam, Stefan Esser\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of certain\nmetadata fields of IOSharedDataQueue objects. This issue was\naddressed through relocation of the metadata. \nCVE-ID\nCVE-2014-4461 : @PanguTeam\n\nLaunchServices\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious JAR file may bypass Gatekeeper checks\nDescription:  An issue existed in the handling of application\nlaunches which allowed certain malicious JAR files to bypass\nGatekeeper checks. This issue was addressed through improved handling\nof file type metadata. \nCVE-ID\nCVE-2014-8826 : Hernan Ochoa of Amplia Security\n\nlibnetcore\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious, sandboxed app can compromise the networkd\ndaemon\nDescription:  Multiple type confusion issues existed in networkd\u0027s\nhandling of interprocess communication. By sending networkd a\nmaliciously formatted message, it may have been possible to execute\narbitrary code as the networkd process. The issue is addressed\nthrough additional type checking. \nCVE-ID\nCVE-2014-4492 : Ian Beer of Google Project Zero\n\nLoginWindow\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A Mac may not lock immediately upon wake\nDescription:  An issue existed in the rendering of the lock screen. \nThis issue was address through improved screen rendering while\nlocked. \nCVE-ID\nCVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed\ntesters\n\nlukemftp\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Using the command line ftp tool to fetch files from a\nmalicious http server may lead to arbitrary code execution\nDescription:  A command injection issue existed in the handling of\nHTTP redirects. This issue was addressed through improved validation\nof special characters. \nCVE-ID\nCVE-2014-8517\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Multiple vulnerabilities in OpenSSL 0.9.8za, including one\nthat may allow an attacker to downgrade connections to use weaker\ncipher-suites in applications using the library\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8za. \nThese issues were addressed by updating OpenSSL to version 0.9.8zc. \nCVE-ID\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nSandbox\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription:  A design issue existed in the caching of sandbox\nprofiles which allowed sandboxed applications to gain write access to\nthe cache. This issue was addressed by restricting write access to\npaths containing a \"com.apple.sandbox\" segment. This issue does\nnot affect OS X Yosemite v10.10 or later. \nCVE-ID\nCVE-2014-8828 : Apple\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription:  Multiple out of bounds write issues existed in\nSceneKit. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-8829 : Jose Duart of the Google Security Team\n\nSceneKit\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Viewing a maliciously crafted Collada file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to an unexpected application termination or arbitrary code\nexecution. This issue was addressed through improved validation of\naccessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nSecurity\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A downloaded application signed with a revoked Developer ID\ncertificate may pass Gatekeeper checks\nDescription:  An issue existed with how cached application\ncertificate information was evaluated. This issue was addressed with\ncache logic improvements. \nCVE-ID\nCVE-2014-8838 : Apple\n\nsecurity_taskgate\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  An app may access keychain items belonging to other apps\nDescription:  An access control issue existed in the Keychain. \nApplications signed with self-signed or Developer ID certificates\ncould access keychain items whose access control lists were based on\nkeychain groups. This issue was addressed by validating the signing\nidentity when granting access to keychain groups. \nCVE-ID\nCVE-2014-8831 : Apple\n\nSpotlight\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  The sender of an email could determine the IP address of the\nrecipient\nDescription:  Spotlight did not check the status of Mail\u0027s \"Load\nremote content in messages\" setting. This issue was addressed by\nimproving configuration checking. \nCVE-ID\nCVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of\nLastFriday.no\n\nSpotlight\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  Spotlight may save unexpected information to an external\nhard drive\nDescription:  An issue existed in Spotlight where memory contents may\nhave been written to external hard drives when indexing. This issue\nwas addressed with better memory management. \nCVE-ID\nCVE-2014-8832 : F-Secure\n\nSpotlightIndex\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  Spotlight may display results for files not belonging to the\nuser\nDescription:  A deserialization issue existed in Spotlight\u0027s handling\nof permission caches. A user performing a Spotlight query may have\nbeen shown search results referencing files for which they don\u0027t have\nsufficient privileges to read. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2014-8833 : David J Peacock, Independent Technology Consultant\n\nsysmond\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact:  A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription:  A type confusion vulnerability existed in sysmond that\nallowed a local application to escalate privileges. The issue was\naddressed with improved type checking. \nCVE-ID\nCVE-2014-8835 : Ian Beer of Google Project Zero\n\nUserAccountUpdater\nAvailable for:  OS X Yosemite v10.10 and v10.10.1\nImpact:  Printing-related preference files may contain sensitive\ninformation about PDF documents\nDescription:  OS X Yosemite v10.10 addressed an issue in the handling\nof password-protected PDF files created from the Print dialog where\npasswords may have been included in printing preference files. This\nupdate removes such extraneous information that may have been present\nin printing preference files. \nCVE-ID\nCVE-2014-8834 : Apple\n\nNote: OS X Yosemite 10.10.2 includes the security content of Safari\n8.0.3. For further details see https://support.apple.com/kb/HT204243\n\n\nOS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\n\niQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F\nN9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET\nD1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG\nLqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX\nFcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6\n8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/\nqmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW\ngzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V\n0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA\n0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns\nsAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq\nnggZl3Sa+QhfaHSUqSJI\n=uAqk\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1j              *\u003e= 0.9.8z_p2\n                                                            \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nRelease Date: 2015-03-16\nLast Updated: 2015-05-20\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl running OpenSSL. These vulnerabilities include the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101894\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control impacted software components and versions\n\nHP Insight Control 7.2, 7.3 and 7.4\n\n HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2 v7.3.3 and v 7.4.0\n\nHP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and\nv7.3.3 for Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3\nfor Linux\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and\nv7.4.0a for Linux\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3509    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3511    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-5139    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve these\nvulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1\nUpdate kit applicable to HP Insight Control 7.2.x installations is available\nat the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPICE\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nHP has addressed these vulnerabilities for the impacted software components\nbundled with HP Insight Control in the following HP Security Bulletins:\n\nHP Insight Control software components\n HP Security Bulletin\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03261\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571454\n\nHP System Management Homepage (SMH)\n HPSBMU03260\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571379\n\nHP Version Control Agent (VCA)\n HPSBMU03262\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571956\n\nVersion Control Repository Manager (VCRM)\n HPSBMU03259\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04570627\n\nHISTORY\nVersion:1 (rev.1) - 16 March 2015 Initial release\nVersion:2 (rev.2) - 14 April 2015 Incorrect version in Resolution\nVersion:3 (rev.3) - 20 May 2015 Updated impacted versions\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID: VMSA-2015-0001\nSynopsis:    VMware vCenter Server, ESXi, Workstation, Player, and Fusion\n             updates address security issues\nIssue date:  2015-01-27\nUpdated on:  2015-01-27 (Initial Advisory)\nCVE number:  CVE-2014-8370, CVE-2015-1043, CVE-2015-1044\n\n             --- OPENSSL---\n             CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568\n\n             --- libxml2 ---\n             CVE-2014-3660\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n   several security issues. \n \n2. Relevant Releases\n\n   VMware Workstation 10.x prior to version 10.0.5\n  \n   VMware Player 6.x prior to version 6.0.5\n\n   VMware Fusion 7.x prior to version 7.0.1\n   VMware Fusion 6.x prior to version 6.0.5\n\n   vCenter Server 5.5 prior to Update 2d\n\n   ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n   ESXi 5.1 without patch ESXi510-201404101-SG\n   ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n   a. VMware ESXi, Workstation, Player, and Fusion host privilege\n      escalation vulnerability\n\n      VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n      file write issue. Exploitation this issue may allow for privilege\n      escalation on the host. \n\n      The vulnerability does not allow for privilege escalation from \n      the guest Operating System to the host or vice-versa. This means\n      that host memory can not be manipulated from the Guest Operating\n      System. \n\n      Mitigation\n      \n      For ESXi to be affected, permissions must have been added to ESXi\n      (or a vCenter Server managing it) for a virtual machine \n      administrator role or greater. \n\n      VMware would like to thank Shanon Olsson for reporting this issue to\n      us through JPCERT. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-8370 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       6.0.5\n\n      ESXi           5.5        ESXi      ESXi550-201403102-SG\n      ESXi           5.1        ESXi      ESXi510-201404101-SG \n      ESXi           5.0        ESXi      ESXi500-201405101-SG\n\n   b. VMware Workstation, Player, and Fusion Denial of Service \n      vulnerability\n\n      VMware Workstation, Player, and Fusion contain an input validation \n      issue in the Host Guest File System (HGFS). This issue may allow\n      for a Denial of Service of the Guest Operating system. \n\n      VMware would like to thank Peter Kamensky from Digital Security for \n      reporting this issue to us. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1043 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       7.0.1\n      Fusion         6.x        any       6.0.5\n\n   c. VMware ESXi, Workstation, and Player Denial of Service \n      vulnerability\n\n      VMware ESXi, Workstation, and Player contain an input\n      validation issue in VMware Authorization process (vmware-authd). \n      This issue may allow for a Denial of Service of the host. On \n      VMware ESXi and on Workstation running on Linux the Denial of\n      Service would be partial. \n\n      VMware would like to thank Dmitry Yudin @ret5et for reporting\n      this issue to us through HP\u0027s Zero Day Initiative. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1044 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       not affected\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG\n      ESXi           5.1        ESXi      ESXi510-201410101-SG\n      ESXi           5.0        ESXi      not affected\n\n   d. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-3513, CVE-2014-3567, \n      CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      vCenter Server 5.5        any       Update 2d*\n      vCenter Server 5.1        any       patch pending\n      vCenter Server 5.0        any       patch pending\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG       \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n\n      * The VMware vCenter 5.5 SSO component will be \n        updated in a later release\n  \n   e. Update to ESXi libxml2 package\n\n      The libxml2 library is updated to version libxml2-2.7.6-17\n      to resolve a security issue. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2014-3660 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      ESXi           5.5        ESXi      ESXi550-201501101-SG     \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n     \n4. Solution\n\n   Please review the patch/release notes for your product and \n   version and verify the checksum of your downloaded file. \n\n   VMware Workstation 10.x\n   -------------------------------- \n   https://www.vmware.com/go/downloadworkstation \n\n   VMware Player 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   VMware Fusion 7.x and 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   vCenter Server\n   ----------------------------\n   Downloads and Documentation: \n   https://www.vmware.com/go/download-vsphere \n\n   ESXi 5.5 Update 2d\n   ----------------------------\n   File: update-from-esxi5.5-5.5_update01.zip\n   md5sum: 5773844efc7d8e43135de46801d6ea25\n   sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n   http://kb.vmware.com/kb/2065832\n   update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n   ESXi 5.5\n   ----------------------------\n   File: ESXi550-201501001.zip\n   md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n   sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n   http://kb.vmware.com/kb/2099265\n   ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n   ESXi 5.1\n   ----------------------------\n   File: ESXi510-201404001.zip\n   md5sum: 9dc3c9538de4451244a2b62d247e52c4\n   sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n   http://kb.vmware.com/kb/2070666\n   ESXi510-201404001 contains ESXi510-201404101-SG\n\n   ESXi 5.0\n   ----------------------------\n   File: ESXi500-201405001.zip\n   md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n   sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n   http://kb.vmware.com/kb/2075521\n   ESXi500-201405001 contains  ESXi500-201405101-SG\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 \n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 \n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2015-01-27 VMSA-2015-0001\n   Initial security advisory in conjunction with the release of VMware\n   Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n   and, ESXi 5.5 Patches released on 2015-01-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   Consolidated list of VMware Security Advisories\n   http://kb.vmware.com/kb/2078735\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2015 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.0 (Build 8741)\nCharset: utf-8\n\nwj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE\nc75UD0ctlJx5607JuLfnb6Y=\n=IxpT\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \nCorrected:      2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n                2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n                2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name:       CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak.  [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak.  [CVE-2014-3567]. \n\nThe SSL protocol 3.0, as supported in OpenSSL and other products, supports\nCBC mode encryption where it could not adequately check the integrity of\npadding, because of the use of non-deterministic CBC padding.  This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV.  Workaround\n\nNo workaround is available.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r273151\nreleng/8.4/                                                       r273416\nstable/9/                                                         r273151\nreleng/9.1/                                                       r273415\nreleng/9.2/                                                       r273415\nreleng/9.3/                                                       r273415\nstable/10/                                                        r273149\nreleng/10.0/                                                      r273415\nreleng/10.1/                                                      r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "db": "PACKETSTORM",
        "id": "128704"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "130132"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3568",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "70585",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1031053",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62124",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61130",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62030",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3568",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128704",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130132",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128808",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "128704"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "130132"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "id": "VAR-201410-1151",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.395238084
  },
  "last_update_date": "2024-06-17T11:32:57.198000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: CVE-2014-3568",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3568"
      },
      {
        "title": "Apple: Xcode 7.0",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=768a45894d5a25fbf47fbec8f017a52b"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "VMware Security Advisories: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=6e6083adbf6a5be47af800d437e987a5"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.2 and Security Update 2015-001",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=64cbe709a7be49c91d8a8b0f43621640"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61130"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62030"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62124"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/ht204244"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70585"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031053"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=26a59d9b46574e457870197dffa802871b4c8fc7"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689332"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688762"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2015/jan/108"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-openssl-cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/hpux-cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/library/security/3009008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4426"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4485"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4484"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4491"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204243"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4419"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4488"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4489"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4460"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4461"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4486"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4371"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2078735"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070666"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2075521"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065832"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadplayer"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadworkstation"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2099265"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vsphere"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "128704"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "130132"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "128704"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "130132"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2014-10-17T00:03:05",
        "db": "PACKETSTORM",
        "id": "128704"
      },
      {
        "date": "2015-06-29T15:35:42",
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "date": "2015-01-28T00:36:53",
        "db": "PACKETSTORM",
        "id": "130132"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2015-05-29T23:37:43",
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "date": "2015-01-28T18:22:00",
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-09-19T15:31:48",
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "date": "2014-10-22T19:54:29",
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "date": "2014-10-19T01:55:13.980000",
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3568"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2023-11-07T02:20:13.390000",
        "db": "NVD",
        "id": "CVE-2014-3568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u0027no-ssl3\u0027 Build Option Security Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  }
}

var-201606-0478
Vulnerability from variot

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OpenSSL 1.0.2h and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7 Advisory ID: RHSA-2017:0194-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:0194 Issue date: 2017-01-25 CVE Names: CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 =====================================================================

  1. Summary:

An update is now available for JBoss Core Services on RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

  1. Description:

This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. (CVE-2016-2108)

  • It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-2178)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

  • An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. (CVE-2016-8612)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.

  1. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm

ppc64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm

x86_64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf 2AmaztKx6GqFZTJkumoOcS8= =0wxz -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03763en_us Version: 1

HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-08-01 Last Updated: 2017-08-01

Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified in Comware 7, IMC, VCX products using OpenSSL.

  • Comware v7 (CW7) Products See resolution section for impacted versions
  • HP Intelligent Management Center (iMC) See resolution section for impacted versions
  • VCX Products 9.8.19

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2177
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has provided the following software updates to resolve the vulnerability in Comware 7, IMC PLAT, and VCX.

Note: The following products are impacted by this issue

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02

    • HPE Branded Products Impacted
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU

  • 10500 (Comware 7) - Version: R7184

    • HPE Branded Products Impacted
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit

  • 5900/5920 (Comware 7) - Version: R2432

    • HPE Branded Products Impacted
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant

  • MSR1000 (Comware 7) - Version: R0306P80

    • HPE Branded Products Impacted
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router

  • MSR2000 (Comware 7) - Version: R0306P80

    • HPE Branded Products Impacted
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router

  • MSR3000 (Comware 7) - Version: R0306P80

    • HPE Branded Products Impacted
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router

  • MSR4000 (Comware 7) - Version: R0306P80

    • HPE Branded Products Impacted
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit

  • VSR (Comware 7) - Version: E0324

    • HPE Branded Products Impacted
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router

  • 7900 (Comware 7) - Version: R2152

    • HPE Branded Products Impacted
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit

  • 5130EI (Comware 7) - Version: R3115P05

    • HPE Branded Products Impacted
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch

  • 6125XLG - Version: R2432

    • HPE Branded Products Impacted
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA

  • 6127XLG - Version: R2432

    • HPE Branded Products Impacted
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA

  • Moonshot - Version: R2432

    • HPE Branded Products Impacted
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module

  • 5700 (Comware 7) - Version: R2432

    • HPE Branded Products Impacted
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch

  • 5930 (Comware 7) - Version: R2432

    • HPE Branded Products Impacted
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch

  • 1950 (Comware 7) - Version: R3115P06

    • HPE Branded Products Impacted
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch

  • 7500 (Comware 7) - Version: R7184

    • HPE Branded Products Impacted
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

  • 5510HI (Comware 7) - Version: R1121P01

    • HPE Branded Products Impacted
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch

  • 5130HI (Comware 7) - Version: R1121P02

    • HPE Branded Products Impacted
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

  • 5940 (Comware 7) - Version: R2509P02

    • HPE Branded Products Impacted
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch

  • 5950 (Comware 7) - Version: R6123

    • HPE Branded Products Impacted
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch

  • 12900E (Comware 7) - Version: R2609

    • HPE Branded Products Impacted
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410

    • HPE Branded Products Impacted
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU

  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409

    • HPE Branded Products Impacted
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU

  • VCX - Version: 9.8.19

    • HPE Branded Products Impacted
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 1 August 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat. Solution:

The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

  1. (CVE-2016-2177)

It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0478",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "icewall mcrp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "certd"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw"
      },
      {
        "model": "icewall sso agent option",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard-r"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise live data server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "nexus intercloud for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1.2"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "api connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.10"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1.3"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "configuration professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.3.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "bigfix remote control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "storediq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "integrated management module for bladecenter yuoo",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-37"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "broadband access center telco and wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.3.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "prime optical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "series stackable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "agent desktop",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "telepresence system tx9000",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "spa51x ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "small business series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "solaris sru11.6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "one portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience on cloud network capture add-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "16.1.01"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module for system yuoo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-32"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "jabber",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.3.0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-2177",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-2177",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-2177",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2177",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2177",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nOpenSSL 1.0.2h and prior versions are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7\nAdvisory ID:       RHSA-2017:0194-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:0194\nIssue date:        2017-01-25\nCVE Names:         CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 \n                   CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.23 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.6 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. \n(CVE-2016-2108)\n\n* It was found that the length checks prior to writing to the target buffer\nfor creating a virtual host mapping rule did not take account of the length\nof the virtual host name, creating the potential for a buffer overflow. \n(CVE-2016-2178)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\n* An error was found in protocol parsing logic of mod_cluster load balancer\nApache HTTP Server modules. An attacker could use this flaw to cause a\nSegmentation Fault in the serving httpd process. (CVE-2016-8612)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red\nHat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and\nDavid Benjamin (Google) as the original reporters of CVE-2016-2108. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/cve/CVE-2016-6808\nhttps://access.redhat.com/security/cve/CVE-2016-8612\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf\n2AmaztKx6GqFZTJkumoOcS8=\n=0wxz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2179)\n  Shi Lei discovered that OpenSSL incorrectly handled memory in the\n TS_OBJ_print_bio() function. (CVE-2016-2180)\n  It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\n feature. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n (CVE-2016-6302)\n  Shi Lei discovered that OpenSSL incorrectly handled memory in the\n MDC2_Update() function. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03763en_us\nVersion: 1\n\nHPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote\nDenial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-08-01\nLast Updated: 2017-08-01\n\nPotential Security Impact: Remote: Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in Comware 7, IMC, VCX\nproducts using OpenSSL. \n\n  - Comware v7 (CW7) Products See resolution section for impacted versions\n  - HP Intelligent Management Center (iMC) See resolution section for\nimpacted versions\n  - VCX Products 9.8.19\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2177\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability\nin Comware 7, IMC PLAT, and VCX.  \n\n**Note:** The following products are impacted by this issue\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377P02**\n    * HPE Branded Products Impacted\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n   \n     \n  + **10500 (Comware 7) - Version: R7184**\n    * HPE Branded Products Impacted\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n   \n     \n  + **5900/5920 (Comware 7) - Version: R2432**\n    * HPE Branded Products Impacted\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n   \n     \n  + **MSR1000 (Comware 7) - Version: R0306P80**\n    * HPE Branded Products Impacted\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n   \n     \n  + **MSR2000 (Comware 7) - Version: R0306P80**\n    * HPE Branded Products Impacted\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n   \n     \n  + **MSR3000 (Comware 7) - Version: R0306P80**\n    * HPE Branded Products Impacted\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n   \n     \n  + **MSR4000 (Comware 7) - Version: R0306P80**\n    * HPE Branded Products Impacted\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n   \n     \n  + **VSR (Comware 7) - Version: E0324**\n    * HPE Branded Products Impacted\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n   \n     \n  + **7900 (Comware 7) - Version: R2152**\n    * HPE Branded Products Impacted\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n   \n     \n  + **5130EI (Comware 7) - Version: R3115P05**\n    * HPE Branded Products Impacted\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n   \n     \n  + **6125XLG - Version: R2432**\n    * HPE Branded Products Impacted\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n   \n     \n  + **6127XLG - Version: R2432**\n    * HPE Branded Products Impacted\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n   \n     \n  + **Moonshot - Version: R2432**\n    * HPE Branded Products Impacted\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n   \n     \n  + **5700 (Comware 7) - Version: R2432**\n    * HPE Branded Products Impacted\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n   \n     \n  + **5930 (Comware 7) - Version: R2432**\n    * HPE Branded Products Impacted\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n   \n     \n  + **1950 (Comware 7) - Version: R3115P06**\n    * HPE Branded Products Impacted\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n   \n     \n  + **7500 (Comware 7) - Version: R7184**\n    * HPE Branded Products Impacted\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n   \n     \n  + **5510HI (Comware 7) - Version: R1121P01**\n    * HPE Branded Products Impacted\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n   \n     \n  + **5130HI (Comware 7) - Version: R1121P02**\n    * HPE Branded Products Impacted\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n   \n     \n  + **5940 (Comware 7) - Version: R2509P02**\n    * HPE Branded Products Impacted\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n   \n     \n  + **5950 (Comware 7) - Version: R6123**\n    * HPE Branded Products Impacted\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n   \n     \n  + **12900E (Comware 7) - Version: R2609**\n    * HPE Branded Products Impacted\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n   \n     \n  + **iNode PC 7.2 (E0410) - Version: 7.2 E0410**\n    * HPE Branded Products Impacted\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n   \n     \n  + **iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409**\n    * HPE Branded Products Impacted\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n   \n     \n  + **VCX - Version: 9.8.19**\n    * HPE Branded Products Impacted\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n      \n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 1 August 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "BID",
        "id": "91319"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "143628"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2177",
        "trust": 3.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-144-01",
        "trust": 1.9
      },
      {
        "db": "MCAFEE",
        "id": "SB10165",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "91319",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1036088",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/08/9",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.1
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-144-01",
        "trust": 1.1
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-137-01",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2177",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140717",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143176",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143628",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140850",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "BID",
        "id": "91319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "143628"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "id": "VAR-201606-0478",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4102494200000001
  },
  "last_update_date": "2024-07-22T21:45:06.283000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "hitachi-sec-2017-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html"
      },
      {
        "title": "HPSBGN03658",
        "trust": 0.8,
        "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "SB10165",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Avoid some undefined pointer arithmetic",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "Bug 1341705",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "hitachi-sec-2017-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2177",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2177"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2177"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "hackerone-publicy-disclosed",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2017:1658"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2017:0194"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-144-01"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3181-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91319"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036088"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03763en_us"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:0193"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-144-01/"
      },
      {
        "trust": 1.1,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-137-01/"
      },
      {
        "trust": 1.1,
        "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k23873366"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=a004e72b95835136d3f1ea90517f706c24c03da7"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2177"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-18-144-01"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2177"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993601"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995038"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22001805"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8610"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/190.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:1659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3181-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03763en_us"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "BID",
        "id": "91319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "143628"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "db": "BID",
        "id": "91319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "143628"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "date": "2016-05-05T00:00:00",
        "db": "BID",
        "id": "91319"
      },
      {
        "date": "2016-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "date": "2017-01-25T21:53:32",
        "db": "PACKETSTORM",
        "id": "140717"
      },
      {
        "date": "2017-06-28T22:12:00",
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "date": "2017-06-28T22:37:00",
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2017-08-03T04:28:16",
        "db": "PACKETSTORM",
        "id": "143628"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2017-02-01T00:36:45",
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-06-20T01:59:02.087000",
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2177"
      },
      {
        "date": "2018-02-05T14:00:00",
        "db": "BID",
        "id": "91319"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      },
      {
        "date": "2023-11-07T02:31:01.273000",
        "db": "NVD",
        "id": "CVE-2016-2177"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "91319"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003304"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "91319"
      }
    ],
    "trust": 0.3
  }
}

var-202012-1527
Vulnerability from variot

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A denial of service security issue exists in OpenSSL prior to 1.1.1i. This could prevent installations to flavors detected as baremetal, which might have the required capacity to complete the installation. This is usually caused by OpenStack administrators not setting the appropriate metadata on their bare metal flavors. Validations are now skipped on flavors detected as baremetal, to prevent incorrect failures from being reported. (BZ#1889416)

  • Previously, there was a broken link on the OperatorHub install page of the web console, which was intended to reference the cluster monitoring documentation. Bugs fixed (https://bugzilla.redhat.com/):

1885442 - Console doesn't load in iOS Safari when using self-signed certificates 1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found 1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1888165 - [release 4.6] IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888717 - Cypress: Fix 'link-name' accesibility violation 1888721 - ovn-masters stuck in crashloop after scale test 1890993 - Selected Capacity is showing wrong size 1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters 1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1891499 - Other machine config pools do not show during update 1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source: openssl-1.0.2k-9.el7_4.src.rpm

x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source: openssl-1.0.2k-9.el7_4.src.rpm

ppc64le: openssl-1.0.2k-9.el7_4.ppc64le.rpm openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-devel-1.0.2k-9.el7_4.ppc64le.rpm openssl-libs-1.0.2k-9.el7_4.ppc64le.rpm

x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source: openssl-1.0.2k-9.el7_4.src.rpm

x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le: openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-perl-1.0.2k-9.el7_4.ppc64le.rpm openssl-static-1.0.2k-9.el7_4.ppc64le.rpm

x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2020:5634

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64

The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x

The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le

The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

Security Fix(es):

  • crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)

  • golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  • nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  • kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)

  • containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)

  • heketi: gluster-block volume password details available in logs (CVE-2020-10763)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

  • jwt-go: access restriction bypass vulnerability (CVE-2020-26160)

  • golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)

  • golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - --to option does not work with --credentials-requests flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the create api help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - oc api-resources does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in oc explain 1880787 - No description for Provisioning CRD for oc explain 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - oc explain localvolumediscovery returns empty description 1887751 - oc explain localvolumediscoveryresult returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]:make checkbroken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove &apos; from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 -oc adm release mirrorpanic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 -Active alertssection throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describingignore-volume-azis incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Showkubectl diff command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in theoc rollback -hhelp page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port infrom dockerfileflow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information foroc new-project --skip-config-writeis wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources showsundefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found

  1. References:

https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing

  1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

  1. ========================================================================== Ubuntu Security Notice USN-4662-1 December 08, 2020

openssl, openssl1.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

OpenSSL could be made to crash if it processed specially crafted input.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.1

Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.1

Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.5 libssl1.1 1.1.1-1ubuntu2.1~18.04.7

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.18

After a standard system update you need to reboot your computer to make all the necessary changes. 7) - aarch64, ppc64le, s390x

This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.

Note

OpenSSL 1.0.2 is out of support and no longer receiving public updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1527",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.12.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.22"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2x"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.13.0"
      },
      {
        "model": "e-series santricity os controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "scz8.2.5"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "model": "log correlation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "6.0.9"
      },
      {
        "model": "ef600a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.5.0.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.20.1"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "manageability software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.23.1"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.4"
      },
      {
        "model": "communications diameter intelligence hub",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.5.3"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.14.0"
      },
      {
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "model": "communications diameter intelligence hub",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.15.4"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.15.0"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "e-series santricity os controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.60.3"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1i"
      },
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.3"
      },
      {
        "model": "plug-in for symantec netbackup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "communications diameter intelligence hub",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.3"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.32"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.5.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.22"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.9.0.0.0"
      },
      {
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "model": "aff a250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.2"
      },
      {
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "communications diameter intelligence hub",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.1"
      },
      {
        "model": "hitachi ops center analyzer viewpoint",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "note that,  1.1.0 is no longer supported   has not been evaluated for this vulnerability."
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2x",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1i",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.22",
                "versionStartIncluding": "8.0.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.32",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.3",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.60.3",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:ef600a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.13.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.14.0",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.12.0",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.5.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.15.4",
                "versionStartIncluding": "14.15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.20.1",
                "versionStartIncluding": "12.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.23.1",
                "versionStartIncluding": "10.13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "160651"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-1971",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-1971",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-173115",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-1971",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-1971",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-173115",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-1971",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A denial of service security issue exists in OpenSSL prior to 1.1.1i. This could\nprevent installations to flavors detected as `baremetal`, which might have\nthe required capacity to complete the installation. This is usually caused\nby OpenStack administrators not setting the appropriate metadata on their\nbare metal flavors. Validations are now skipped on flavors detected as\n`baremetal`, to prevent incorrect failures from being reported. \n(BZ#1889416)\n\n* Previously, there was a broken link on the OperatorHub install page of\nthe web console, which was intended to reference the cluster monitoring\ndocumentation. Bugs fixed (https://bugzilla.redhat.com/):\n\n1885442 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found\n1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1888165 - [release 4.6] IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888717 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1888721 - ovn-masters stuck in crashloop after scale test\n1890993 - Selected Capacity is showing wrong size\n1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1891499 - Other machine config pools do not show during update\n1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nppc64le:\nopenssl-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-devel-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-libs-1.0.2k-9.el7_4.ppc64le.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-perl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-static-1.0.2k-9.el7_4.i686.rpm\nopenssl-static-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nopenssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-perl-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-static-1.0.2k-9.el7_4.ppc64le.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-perl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-static-1.0.2k-9.el7_4.i686.rpm\nopenssl-static-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5633-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5633\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n                   CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n                   CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n                   CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n                   CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n                   CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n                   CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n                   CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n                   CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n                   CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n                   CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n                   CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n                   CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n                   CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n                   CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n                   CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n                   CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n                   CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n                   CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n                   CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n                   CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n                   CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n                   CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n                   CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n                   CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n                   CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n                   CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n                   CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n                   CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n                   CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n                   CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n                   CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n                   CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n                   CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n                   CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n                   CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n                   CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n                   CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n                   CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n                   CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n                   CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n                   CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n                   CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n                   CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n                   CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n                   CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n                   CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n                   CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n                   CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n                   CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n                   CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n                   CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n                   CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n                   CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should  Not be empty  in VM  disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on  , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run  [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error :  the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar  when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress:  Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6:  Topology Manager OpenShift E2E test fails:  gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress:  Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into  install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection  is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\"  \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe  Translation of  \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file  via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with  --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in  CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]:  Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent  command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode  on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs.  RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel]  timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project  --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027  to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation]  fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents  do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. ==========================================================================\nUbuntu Security Notice USN-4662-1\nDecember 08, 2020\n\nopenssl, openssl1.0 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it processed specially crafted input. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  libssl1.1                       1.1.1f-1ubuntu4.1\n\nUbuntu 20.04 LTS:\n  libssl1.1                       1.1.1f-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n  libssl1.0.0                     1.0.2n-1ubuntu5.5\n  libssl1.1                       1.1.1-1ubuntu2.1~18.04.7\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. 7) - aarch64, ppc64le, s390x\n\n3. \n\nThis issue was reported to OpenSSL on 9th November 2020 by David Benjamin\n(Google). Initial analysis was performed by David Benjamin with additional\nanalysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. \n\nNote\n====\n\nOpenSSL 1.0.2 is out of support and no longer receiving public updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20201208.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "PACKETSTORM",
        "id": "160651"
      },
      {
        "db": "PACKETSTORM",
        "id": "169642"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1971",
        "trust": 3.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-10",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-09",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2020-11",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/09/14/2",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA44676",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91053554",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90348129",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-336-06",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160644",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161382",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161727",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160654",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160651",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160414",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161003",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161388",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160499",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160636",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161004",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160569",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160704",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161389",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160523",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161390",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160639",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161011",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160882",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-173115",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1971",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161546",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169642",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "PACKETSTORM",
        "id": "160651"
      },
      {
        "db": "PACKETSTORM",
        "id": "169642"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "id": "VAR-202012-1527",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      }
    ],
    "trust": 0.44999999999999996
  },
  "last_update_date": "2024-07-23T19:19:40.435000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-126",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/f960d81215ebf3f65e03d4d5d857fb9b666d6920"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210491 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205422 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210056 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205640 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205639 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205642 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205588 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210489 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210488 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210486 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205637 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205476 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205566 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205641 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205623 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4807-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3bd12ad190825227a63dd6fa019b384e"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1456",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1456"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210494 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210495 - security advisory"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202012-24] openssl: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202012-24"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d1909a4b2d683c22ce1b861676950187"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2020-1573",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1573"
      },
      {
        "title": "IBM: Security Bulletin: z/TPF is affected by an OpenSSL vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=96f04546c2e8544a0cc0bdb9c9cff51b"
      },
      {
        "title": "IBM: Security Bulletin:  Vulnerability in OpenSSL affects IBM Integrated Analytics System",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=280f45996e27a28446f71e76b35820ac"
      },
      {
        "title": "IBM: Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability (CVE-2020-1971)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ceec38a4be2281800c7fde6f0ec38787"
      },
      {
        "title": "Red Hat: Important: Red Hat Ceph Storage 4.2 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210083 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data \u00e2\u20ac\u201c OpenSSL",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c6da717c9ae4244c7a1befa91a3a66b0"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-1971 log"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Virtualization 2.5.3 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210187 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a027ad7ae5a4bc5a118b5baf7f42aa8c"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.6.9 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205614 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971,  CVE-2020-8265, and CVE-2020-8287)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8cc5ff875578b52e2a6a6ad258f01034"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.12 extras and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210039 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=eddc867c302ff9f5218add2962e3491b"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-116"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-11"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.12 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210037 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-13"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-12"
      },
      {
        "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.12.0",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210146 - security advisory"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09"
      },
      {
        "title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-10"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2023-126"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210050 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210190 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210436 - security advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "CVE-2020-1971",
        "trust": 0.1,
        "url": "https://github.com/mbhudson/cve-2020-1971 "
      },
      {
        "title": "tools",
        "trust": 0.1,
        "url": "https://github.com/scott-leung/tools "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
      },
      {
        "trust": 1.2,
        "url": "https://www.openssl.org/news/secadv/20201208.txt"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2020-11"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2021-09"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2021-10"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2020/dsa-4807"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202012-13"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91053554"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu90348129/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200048.html"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-16166"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15862"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20180"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20178"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5614"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5641"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24490"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-2007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8649"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12655"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9458"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13249"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15165"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20636"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20054"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12826"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25683"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25211"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25641"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8647"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15917"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15157"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6978"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0444"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16233"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25682"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3884"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10763"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8622"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19046"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19533"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25687"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16167"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9455"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11565"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12614"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19063"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19319"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8563"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5634"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20253"
      },
      {
        "trust": 0.1,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0488"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1c"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1079"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-12652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-5313"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4662-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5642"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/support/contracts.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "PACKETSTORM",
        "id": "160651"
      },
      {
        "db": "PACKETSTORM",
        "id": "169642"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "db": "PACKETSTORM",
        "id": "160651"
      },
      {
        "db": "PACKETSTORM",
        "id": "169642"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "date": "2020-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "date": "2020-12-21T20:24:33",
        "db": "PACKETSTORM",
        "id": "160654"
      },
      {
        "date": "2020-12-21T17:38:24",
        "db": "PACKETSTORM",
        "id": "160644"
      },
      {
        "date": "2021-02-25T15:29:25",
        "db": "PACKETSTORM",
        "id": "161546"
      },
      {
        "date": "2021-03-09T16:25:11",
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "date": "2021-02-11T15:19:41",
        "db": "PACKETSTORM",
        "id": "161382"
      },
      {
        "date": "2021-04-09T15:06:13",
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "date": "2020-12-09T16:09:14",
        "db": "PACKETSTORM",
        "id": "160414"
      },
      {
        "date": "2020-12-21T20:17:29",
        "db": "PACKETSTORM",
        "id": "160651"
      },
      {
        "date": "2020-12-08T12:12:12",
        "db": "PACKETSTORM",
        "id": "169642"
      },
      {
        "date": "2020-12-08T16:15:11.730000",
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173115"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1971"
      },
      {
        "date": "2024-02-19T06:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      },
      {
        "date": "2024-06-21T19:15:16.170000",
        "db": "NVD",
        "id": "CVE-2020-1971"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160414"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer reference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009865"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow, memory leak",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161546"
      }
    ],
    "trust": 0.1
  }
}

var-201404-0592
Vulnerability from variot

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04267749

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04267749 Version: 3

HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-04-30 Last Updated: 2014-06-06

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows and HP Systems Insight Manager (SIM), components of HP Insight Control server deployment.

Insight Control server deployment packages HP System Management Homepage (SMH) and HP Systems Insight Manager (SIM) and can deploy them through the below list of items. This bulletin will give you the information needed to update your HP Insight Control server deployment solution.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64

References: CVE-2014-0160 (SSRT101538)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided update v7.3.1 to HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if version upgrading is not possible.

Upgrade to HP Insight Control server deployment v7.3.1 (available at http://www.hp.com/go/insightupdates ) to remove the heartbleed vulnerability from Insight Control server deployment and its components.

Note: It is important to check your current running version of HP Insight Control server deployment, in order to follow the correct steps listed below.

If HP Insight Control server deployment cannot be upgraded to v7.3.1, then users of v7.1.2, v7.2.0, and v7.2.1 should take the following steps to remove this vulnerability. For HP Insight Control server deployment v7.2.2 users must upgrade to v7.3.1 to remove the vulnerability.

To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1, only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment.

To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1 follow all steps in the following procedure.

Delete the smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \express\hpfeatures\hpagents-ws\components\Win2003

2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \express\hpfeatures\hpagents-ws\components\Win2003

3 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76 smhamd64-cp023341.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a smhx86-cp023340.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows. Refer to the System Management Homepage security bulletin HPSBMU02998 for steps to take after SMH is updated to a version that is not impacted by Heartbleed, such as changing SMH passwords, and revoking SMH certificates if imported into HP Systems Insight Manager (two-way trust feature).

If you have HP Systems Insight Manager versions v7.3 or v7.3.1 installed, refer to security bulletin HPSBMU03022

Related security bulletins:

For System Management Homepage please see Security bulletin HPSBMU02998 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 239372

For Systems Insight Manager please see Security bulletin HPSBMU03022 https:// h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04263 236

HISTORY Version:1 (rev.1) - 30 April 2014 Initial release Version:2 (rev.2) - 2 May 2014 Updated Resolution Table Row 3 and 4 link and name information Version:3 (rev.3) - 6 April 2014 Added option to upgrade to v7.3.1

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlOR3lEACgkQ4B86/C0qfVlZrgCdE3wSSfWQe3QkqfQiVW2yNdIt sYEAoIciZoT8/ObR6QkE8OXUt0aiwCtA =NR0f -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following:

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security

Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. This bulletin will be revised when the software updates are released.

Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567).

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206).

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201404-07

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Information Disclosure Date: April 08, 2014 Bugs: #505278, #507074 ID: 201404-07

Synopsis

Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. * The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076).

Impact

A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces.

Workaround

Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g"

Note: All services using OpenSSL to provide TLS connections have to be restarted for the update to take effect. Utilities like app-admin/lib_users can aid in identifying programs using OpenSSL.

As private keys may have been compromised using the Heartbleed attack, it is recommended to regenerate them.

References

[ 1 ] CVE-2014-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076 [ 2 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160 [ 3 ] Heartbleed bug website http://heartbleed.com/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201404-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. This update fixes two security issues: A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 ( Security fix ) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz

Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. There are no workarounds that mitigate these vulnerabilities. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software.

References: CVE-2014-0160 (SSRT101499)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Each bulletin will include a patch and/or mitigation guideline.

Note: OpenSSL is an external product embedded in HP products.

Bulletin Applicability:

This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.

To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html .

Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp

HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.4.0.102"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "6.0"
      },
      {
        "model": "gluster storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.3.2.2"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "10.6.1"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.2.0.11"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.2"
      },
      {
        "model": "cp 1543-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.20"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "s9922l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricon",
        "version": "16.10.3\\(3794\\)"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.3.0.104"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.21"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.3"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "elan-8.2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.3.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.1.3.3"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "10.6.0"
      },
      {
        "model": "splunk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "wincc open architecture",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "application processing engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.1.2.5"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.24"
      },
      {
        "model": "simatic s7-1500t",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "splunk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "6.0.0"
      },
      {
        "model": "v60",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.15"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "filezilla",
        "version": "0.9.44"
      },
      {
        "model": "v60",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.25"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 from  1.0.1f"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4 for x86"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4 for x86_64"
      },
      {
        "model": "office",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cybozu",
        "version": "10.1.0"
      },
      {
        "model": "mailwise",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cybozu",
        "version": "5.1.4"
      },
      {
        "model": "hp tippingpoint",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "ngfw  1.0.1"
      },
      {
        "model": "hp tippingpoint",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "ngfw  1.0.2"
      },
      {
        "model": "hp tippingpoint",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "ngfw  1.0.3"
      },
      {
        "model": "hp tippingpoint",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "ngfw  1.1.0_4127"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.2"
      },
      {
        "model": "libyaml",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.6"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.2.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "1.4.9"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.0"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "1.4.8"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.6"
      },
      {
        "model": "patterson psych",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "aaron",
        "version": "2.0.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "common for rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0"
      },
      {
        "model": "patterson psych",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aaron",
        "version": "2.0.4"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.2"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.2"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.5.1"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.2"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.0.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.4"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.4"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.0.12"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "160"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.1"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.5"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.0.11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1g",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.44",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricon:s9922l_firmware:16.10.3\\(3794\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "126236"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0160",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-001920",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0160",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0160",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2014-001920",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because  it fails to properly sanitize user-supplied input. \nSuccessful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. \nVersions prior to LibYAML 0.1.6 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04267749\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04267749\nVersion: 3\n\nHPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows\nrunning OpenSSL with System Management Homepage and Systems Insight Manager,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-30\nLast Updated: 2014-06-06\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows and HP Systems Insight\nManager (SIM), components of HP Insight Control server deployment. \n\nInsight Control server deployment packages HP System Management Homepage\n(SMH) and HP Systems Insight Manager (SIM) and can deploy them through the\nbelow list of items. This bulletin will give you the information needed to\nupdate your HP Insight Control server deployment solution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\n\nReferences: CVE-2014-0160 (SSRT101538)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided update v7.3.1 to HP Insight Control server deployment to\nresolve this vulnerability. HP has provided manual update steps if version\nupgrading is not possible. \n\nUpgrade to HP Insight Control server deployment v7.3.1 (available at\nhttp://www.hp.com/go/insightupdates ) to remove the heartbleed vulnerability\nfrom Insight Control server deployment and its components. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment, in order to follow the correct steps listed below. \n\nIf HP Insight Control server deployment cannot be upgraded to v7.3.1, then\nusers of v7.1.2, v7.2.0, and v7.2.1 should take the following steps to remove\nthis vulnerability. For HP Insight Control server deployment v7.2.2 users\nmust upgrade to v7.3.1 to remove the vulnerability. \n\nTo address the vulnerability in an initial installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1, only follow steps 1 through\nStep 3 of the following procedure, before initiating an operating system\ndeployment. \n\nTo address the vulnerability in a previous installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1 follow all steps in the\nfollowing procedure. \n\nDelete the smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location listed\nin the following table, row 1,2,3,4. \nDelete the affected hpsmh-7.*.rpm\" from Component Copy Location listed in the\nfollowing table, row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nsuggested in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n smhx86-cp023242.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n2\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n smhamd64-cp023243.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n3\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n smhamd64-cp023341.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n smhx86-cp023340.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \nRefer to the System Management Homepage security bulletin HPSBMU02998 for\nsteps to take after SMH is updated to a version that is not impacted by\nHeartbleed, such as changing SMH passwords, and revoking SMH certificates if\nimported into HP Systems Insight Manager (two-way trust feature). \n\nIf you have HP Systems Insight Manager versions v7.3 or v7.3.1 installed,\nrefer to security bulletin HPSBMU03022\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU02998 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n239372\n\nFor Systems Insight Manager please see Security bulletin HPSBMU03022 https://\nh20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04263\n236\n\nHISTORY\nVersion:1 (rev.1) - 30 April 2014 Initial release\nVersion:2 (rev.2) - 2 May 2014 Updated Resolution Table Row 3 and 4 link and\nname information\nVersion:3 (rev.3) - 6 April 2014 Added option to upgrade to v7.3.1\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOR3lEACgkQ4B86/C0qfVlZrgCdE3wSSfWQe3QkqfQiVW2yNdIt\nsYEAoIciZoT8/ObR6QkE8OXUt0aiwCtA\n=NR0f\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3\n\nAirPort Base Station Firmware Update 7.7.3 is now available and\naddresses the following:\n\nAvailable for:\nAirPort Extreme and AirPort Time Capsule base stations with 802.11ac\nImpact:  An attacker in a privileged network position may obtain\nmemory contents\nDescription:  An out-of-bounds read issue existed in the OpenSSL\nlibrary when handling TLS heartbeat extension packets. An attacker in\na privileged network position could obtain information from process\nmemory. This issue was addressed through additional bounds checking. \nOnly AirPort Extreme and AirPort Time Capsule base stations with\n802.11ac are affected, and only if they have Back to My Mac or Send\nDiagnostics enabled. Other AirPort base stations are not impacted by\nthis issue. \nCVE-ID\nCVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta\nof Google Security\n\n\nInstallation note for Firmware version 7.7.3\n\nFirmware version 7.7.3 is installed on AirPort Extreme or AirPort\nTime Capsule base stations with 802.11ac using AirPort Utility for\nMac or iOS. \n\nUse AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1\nor later on iOS to upgrade to Firmware version 7.7.3. \n\nAirPort Utility for Mac is a free download from\nhttp://www.apple.com/support/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. This bulletin will be revised when the\nsoftware updates are released. \n\nUntil the software updates are available, HP recommends restricting\nadministrative access to the MSA on a secure and isolated private management\nnetwork. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n The dtls1_get_message_fragment function in d1_both.c in OpenSSL before\n 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote\n attackers to cause a denial of service (recursion and client crash)\n via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1\n before 1.0.1j allows remote attackers to cause a denial of service\n (memory consumption) via a crafted handshake message (CVE-2014-3513). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL\n before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows\n remote attackers to cause a denial of service (memory consumption)\n via a crafted session ticket that triggers an integrity-check failure\n (CVE-2014-3567). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n allows remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted DTLS message that\n is processed with a different read operation for the handshake header\n than for the handshake body, related to the dtls1_get_record function\n in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL\n 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers\n to cause a denial of service (memory consumption) by sending many\n duplicate records for the next epoch, leading to failure of replay\n detection (CVE-2015-0206). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201404-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Information Disclosure\n     Date: April 08, 2014\n     Bugs: #505278, #507074\n       ID: 201404-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple Information Disclosure vulnerabilities in OpenSSL allow remote\nattackers to obtain sensitive information via various vectors. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n* The Montgomery ladder implementation of OpenSSL improperly handles\n  swap operations (CVE-2014-0076). \n\nImpact\n======\n\nA remote attacker could exploit these issues to disclose information,\nincluding private keys or other sensitive information, or perform\nside-channel attacks to obtain ECDSA nonces. \n\nWorkaround\n==========\n\nDisabling the tls-heartbeat USE flag (enabled by default) provides a\nworkaround for the CVE-2014-0160 issue. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1g\"\n\nNote: All services using OpenSSL to provide TLS connections have to be\nrestarted for the update to take effect. Utilities like\napp-admin/lib_users can aid in identifying programs using OpenSSL. \n\nAs private keys may have been compromised using the Heartbleed attack,\nit is recommended to regenerate them. \n\nReferences\n==========\n\n[ 1 ] CVE-2014-0076\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076\n[ 2 ] CVE-2014-0160\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160\n[ 3 ] Heartbleed bug website\n      http://heartbleed.com/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201404-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes two security issues:\n  A missing bounds check in the handling of the TLS heartbeat extension\n  can be used to reveal up to 64k of memory to a connected client or server. \n  Thanks for Neel Mehta of Google Security for discovering this bug and to\n  Adam Langley \u003cagl@chromium.org\u003e and Bodo Moeller \u003cbmoeller@acm.org\u003e for\n  preparing the fix. \n  Fix for the attack described in the paper \"Recovering OpenSSL\n  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\n  by Yuval Yarom and Naomi Benger. Details can be obtained from:\n  http://eprint.iacr.org/2014/140\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n5467a62ebfbe9a9bfff64dcc4cfcdf7d  openssl-1.0.1g-i486-1_slack14.0.txz\nbdadd9920f2ce6fe4a0a7bd0d96f99df  openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n11ede2992e2b5d15bd3ffc5807571350  openssl-1.0.1g-x86_64-1_slack14.0.txz\n858ea6409aab45a67a880458ce48f923  openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8638083d9768ffcc4b7c597806ca634c  openssl-1.0.1g-i486-1_slack14.1.txz\n4d9dfe9db9e1f286ead72fc60971807b  openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd85f8f451f71dd606f3adb59e582322a  openssl-1.0.1g-x86_64-1_slack14.1.txz\n43ff4bbfe26f99e7a3b9145146d191a0  openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n265a66855320207d4a7567ac5ae9a747  a/openssl-solibs-1.0.1g-i486-1.txz\nbf07a4b17f1c78a4081e2cfb711b8748  n/openssl-1.0.1g-i486-1.txz\n\nSlackware x86_64 -current packages:\n27e5135d764bd87bdb784b288e416b22  a/openssl-solibs-1.0.1g-x86_64-1.txz\n5ef747eed99ac34102b34d8d0eaed3a8  n/openssl-1.0.1g-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nThere are no workarounds that mitigate these vulnerabilities. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. \n\nReferences: CVE-2014-0160 (SSRT101499)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Each bulletin will include a patch and/or mitigation\nguideline. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . \n\nSoftware updates are available from HP Software Support Online at\nhttp://support.openview.hp.com/downloads.jsp\n\nHISTORY\nVersion:1 (rev.1) - 11 April 2014 Initial release\nVersion:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as\nimpacted, updated HP UCMDB Browser impacted versions\nVersion:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server\nas impacted",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "126056"
      },
      {
        "db": "PACKETSTORM",
        "id": "126086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126236"
      }
    ],
    "trust": 3.06
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
        "trust": 0.4,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160",
        "trust": 3.4
      },
      {
        "db": "USCERT",
        "id": "TA14-098A",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#720951",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "57721",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59243",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57836",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57968",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59347",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57966",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57483",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57347",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59139",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030079",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030074",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030081",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030080",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030026",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030077",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030082",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030078",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "66690",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32745",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32764",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-635659",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-135-02",
        "trust": 0.9
      },
      {
        "db": "JVN",
        "id": "JVNVU94401838",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "TA15-119A",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-344-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-128-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-114-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-126-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-135-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-135-05",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-105-02A",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-105-03A",
        "trust": 0.8
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-14-099-01E",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920",
        "trust": 0.8
      },
      {
        "db": "OCERT",
        "id": "OCERT-2014-003",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "66478",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126993",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126785",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126458",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126203",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126450",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126420",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126236",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "126056"
      },
      {
        "db": "PACKETSTORM",
        "id": "126086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126236"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "id": "VAR-201404-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6038711649999999
  },
  "last_update_date": "2024-07-23T21:20:07.305000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Tomcat - Apache Tomcat APR/native Connector vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-native.html"
      },
      {
        "title": "Security/Heartbleed - Tomcat Wiki",
        "trust": 0.8,
        "url": "http://wiki.apache.org/tomcat/security/heartbleed"
      },
      {
        "title": "\u30df\u30e9\u30af\u30eb\u30fb\u30ea\u30ca\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3566\u0026stype=\u0026sproduct=\u0026published=1"
      },
      {
        "title": "BlackBerry response to OpenSSL \u201cHeartbleed\u201d vulnerability",
        "trust": 0.8,
        "url": "http://www.blackberry.com/btsc/kb35882"
      },
      {
        "title": "Enterprise Chef 1.4.9 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
      },
      {
        "title": "Chef Server Heartbleed (CVE-2014-0160) Releases",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
      },
      {
        "title": "Chef Server 11.0.12 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
      },
      {
        "title": "Enterprise Chef 11.1.3 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "title": "cisco-sa-20140409-heartbleed",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
      },
      {
        "title": "Release Notes",
        "trust": 0.8,
        "url": "http://cogentdatahub.com/releasenotes.html"
      },
      {
        "title": "FSC-2014-1: Notice on OpenSSL \u0027Heartbleed\u0027 Vulnerability",
        "trust": 0.8,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
      },
      {
        "title": "SOL15159: OpenSSL vulnerability CVE-2014-0160",
        "trust": 0.8,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
      },
      {
        "title": "Version history",
        "trust": 0.8,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "title": "OpenSSL multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc"
      },
      {
        "title": "HPSBHF03136  SSRT101726",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04475466"
      },
      {
        "title": "HPSBMU03022 SSRT101527",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04263236"
      },
      {
        "title": "HPSBMU03024 SSRT101538",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04267749"
      },
      {
        "title": "HPSBST03000  SSRT101513",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04260637"
      },
      {
        "title": "HPSBMU03033 SSRT101550",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04272892"
      },
      {
        "title": "HPSBHF03293  SSRT101846",
        "trust": 0.8,
        "url": "http://h20566.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595951\u0026lang=en\u0026cc=us"
      },
      {
        "title": "HPSBMU02995 SSRT101499",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04236102"
      },
      {
        "title": "HPSBMU03009 SSRT101520",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04249113"
      },
      {
        "title": "OpenSSL Heartbleed (CVE-2014-0160) ",
        "trust": 0.8,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/openssl_heartbleed_cve_2014_0160?lang=en_us"
      },
      {
        "title": "1670161",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
      },
      {
        "title": "00001841",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "title": "00001843",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "title": "1672507",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672507"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94401838/522154/index.html"
      },
      {
        "title": "Kerio Control Release History",
        "trust": 0.8,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "title": "AV14-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/av14-001.html"
      },
      {
        "title": "Add heartbeat extension bounds check.",
        "trust": 0.8,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3"
      },
      {
        "title": "OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20140407.txt"
      },
      {
        "title": "OpenSSL Security Bug - Heartbleed / CVE-2014-0160",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
      },
      {
        "title": "Oracle Security Alert for CVE-2014-0160",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2014",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "title": "Bug 1084875",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
      },
      {
        "title": "RHSA-2014:0377",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
      },
      {
        "title": "RHSA-2014:0378",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
      },
      {
        "title": "RHSA-2014:0376",
        "trust": 0.8,
        "url": " http://rhn.redhat.com/errata/rhsa-2014-0376.html"
      },
      {
        "title": "RHSA-2014:0396",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
      },
      {
        "title": "Multiple vulnerabilities in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5"
      },
      {
        "title": "Vulnerabilities resolved in TRITON APX Version 8.0",
        "trust": 0.8,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "title": "Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaamb3"
      },
      {
        "title": "\u65e5\u672c\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://blogs.technet.com/b/jpsecurity/archive/2014/04/11/microsoft-services-unaffected-by-openssl-quot-heartbleed-quot-vulnerability.aspx"
      },
      {
        "title": "UIS-2014-1",
        "trust": 0.8,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
      },
      {
        "title": "UIS-2014-3",
        "trust": 0.8,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
      },
      {
        "title": "VMSA-2014-0012",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "title": "OpenSSL\u306e\u8106\u5f31\u6027\u306b\u4f34\u3046\u5f0a\u793e\u88fd\u54c1\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "https://cs.cybozu.co.jp/2014/001064.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30a4\u30cb\u30b7\u30a2\u30c6\u30a3\u30d6 \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/140409.html"
      },
      {
        "title": "cisco-sa-20140409-heartbleed",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122496_erp-heartbleed-j.html"
      },
      {
        "title": "\u30a2\u30e9\u30fc\u30c8/\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea: OpenSSL Heartbleed \u306e\u8106\u5f31\u6027(CVE-2014-0160)\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.com/solution/ja-jp/1103090.aspx"
      },
      {
        "title": "HIRT-PUB14005\uff1a\u65e5\u7acb\u88fd\u54c1\u306b\u304a\u3051\u308b OpenSSL \u60c5\u5831\u6f0f\u3048\u3044\u3092\u8a31\u3057\u3066\u3057\u307e\u3046\u8106\u5f31\u6027(CVE-2014-0160) \u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14005/index.html"
      },
      {
        "title": "Systemwalker Desktop Patrol: OpenSSL \u306e heartbeat \u62e1\u5f35\u306b\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027(CVE-2014-0160) (2014\u5e745\u67088\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/systemwalker_dtp201401.html"
      },
      {
        "title": "TA14-098A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta14-098a.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
      },
      {
        "title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2165-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0160 "
      },
      {
        "title": "exploits",
        "trust": 0.1,
        "url": "https://github.com/vs4vijay/exploits "
      },
      {
        "title": "VULNIX",
        "trust": 0.1,
        "url": "https://github.com/el-palomo/vulnix "
      },
      {
        "title": "openssl-heartbleed-fix",
        "trust": 0.1,
        "url": "https://github.com/sammyfung/openssl-heartbleed-fix "
      },
      {
        "title": "cve-2014-0160",
        "trust": 0.1,
        "url": "https://github.com/cved-sources/cve-2014-0160 "
      },
      {
        "title": "heartbleed_check",
        "trust": 0.1,
        "url": "https://github.com/ehoffmann-cp/heartbleed_check "
      },
      {
        "title": "heartbleed",
        "trust": 0.1,
        "url": "https://github.com/okrutnik420/heartbleed "
      },
      {
        "title": "heartbleed-test.crx",
        "trust": 0.1,
        "url": "https://github.com/iwaffles/heartbleed-test.crx "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/maheshmaske111/te "
      },
      {
        "title": "AradSocket",
        "trust": 0.1,
        "url": "https://github.com/araditc/aradsocket "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/kaisenlinux/sslscan "
      },
      {
        "title": "Springboard_Capstone_Project",
        "trust": 0.1,
        "url": "https://github.com/jonahwinninghoff/springboard_capstone_project "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mre-fog/heartbleeder "
      },
      {
        "title": "buffer_overflow_exploit",
        "trust": 0.1,
        "url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ashrafulislamcs/ubuntu-server-hardening "
      },
      {
        "title": "insecure_project",
        "trust": 0.1,
        "url": "https://github.com/turtlesec-no/insecure_project "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/maheshmaske111/ssl "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/h4r335hr/heartbleed "
      },
      {
        "title": "nmap-scripts",
        "trust": 0.1,
        "url": "https://github.com/takeshixx/nmap-scripts "
      },
      {
        "title": "knockbleed",
        "trust": 0.1,
        "url": "https://github.com/siddolo/knockbleed "
      },
      {
        "title": "heartbleed-masstest",
        "trust": 0.1,
        "url": "https://github.com/musalbas/heartbleed-masstest "
      },
      {
        "title": "HeartBleedDotNet",
        "trust": 0.1,
        "url": "https://github.com/shawinnes/heartbleeddotnet "
      },
      {
        "title": "heartbleed_test_openvpn",
        "trust": 0.1,
        "url": "https://github.com/weisslj/heartbleed_test_openvpn "
      },
      {
        "title": "paraffin",
        "trust": 0.1,
        "url": "https://github.com/vmeurisse/paraffin "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/rbsec/sslscan "
      },
      {
        "title": "Heartbleed_Dockerfile_with_Nginx",
        "trust": 0.1,
        "url": "https://github.com/froyo75/heartbleed_dockerfile_with_nginx "
      },
      {
        "title": "heartbleed-bug",
        "trust": 0.1,
        "url": "https://github.com/cldme/heartbleed-bug "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/h4ck3rt3ch/awesome-web-hacking "
      },
      {
        "title": "Web-Hacking",
        "trust": 0.1,
        "url": "https://github.com/adm0i/web-hacking "
      },
      {
        "title": "cybersecurity-ethical-hacking",
        "trust": 0.1,
        "url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
      },
      {
        "title": "Lastest-Web-Hacking-Tools-vol-I",
        "trust": 0.1,
        "url": "https://github.com/saratogamarine/lastest-web-hacking-tools-vol-i "
      },
      {
        "title": "HTBValentineWriteup",
        "trust": 0.1,
        "url": "https://github.com/zimmel15/htbvalentinewriteup "
      },
      {
        "title": "heartbleed-poc",
        "trust": 0.1,
        "url": "https://github.com/sensepost/heartbleed-poc "
      },
      {
        "title": "CVE-2014-0160",
        "trust": 0.1,
        "url": "https://github.com/0x90/cve-2014-0160 "
      },
      {
        "title": "Certified-Ethical-Hacker-Exam-CEH-v10",
        "trust": 0.1,
        "url": "https://github.com/tung0801/certified-ethical-hacker-exam-ceh-v10 "
      },
      {
        "title": "cs558heartbleed",
        "trust": 0.1,
        "url": "https://github.com/gkaptch1/cs558heartbleed "
      },
      {
        "title": "HeartBleed",
        "trust": 0.1,
        "url": "https://github.com/archaic-magnon/heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/undacmic/heartbleed-proof-of-concept "
      },
      {
        "title": "openvpn-jookk",
        "trust": 0.1,
        "url": "https://github.com/jeypi04/openvpn-jookk "
      },
      {
        "title": "Heartbleed",
        "trust": 0.1,
        "url": "https://github.com/saiprasad16/heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/kickfootcode/loveyouall "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imesecan/leakreducer-artifacts "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tvernet/kali-tools-liste-et-description "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/k4u5h41/heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ronaldogdm/heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/rochacbruno/my-awesome-stars "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/asadhasan73/temp_comp_sec "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aakaashzz/heartbleed "
      },
      {
        "title": "tls-channel",
        "trust": 0.1,
        "url": "https://github.com/marianobarrios/tls-channel "
      },
      {
        "title": "fuzzx_cpp_demo",
        "trust": 0.1,
        "url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ppamo/recon_net_tools "
      },
      {
        "title": "heatbleeding",
        "trust": 0.1,
        "url": "https://github.com/idkqh7/heatbleeding "
      },
      {
        "title": "HeartBleed-Vulnerability-Checker",
        "trust": 0.1,
        "url": "https://github.com/waqasjamal/heartbleed-vulnerability-checker "
      },
      {
        "title": "heartbleed",
        "trust": 0.1,
        "url": "https://github.com/iscinc/heartbleed "
      },
      {
        "title": "heartbleed-dtls",
        "trust": 0.1,
        "url": "https://github.com/hreese/heartbleed-dtls "
      },
      {
        "title": "heartbleedchecker",
        "trust": 0.1,
        "url": "https://github.com/roganartu/heartbleedchecker "
      },
      {
        "title": "nmap-heartbleed",
        "trust": 0.1,
        "url": "https://github.com/azet/nmap-heartbleed "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/delishen/sslscan "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/hr-beast/web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/miss-brain/web-application-security "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/hemanthraju02/web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/qwertskihack/awesome-web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/himera25/web-hacking-list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dorota-fiit/bp-heartbleed-defense-game "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/maheshmaske111/sslscan "
      },
      {
        "title": "Heart-bleed",
        "trust": 0.1,
        "url": "https://github.com/anonymouse327311/heart-bleed "
      },
      {
        "title": "goScan",
        "trust": 0.1,
        "url": "https://github.com/stackviolator/goscan "
      },
      {
        "title": "sec-tool-list",
        "trust": 0.1,
        "url": "https://github.com/alphaseclab/sec-tool-list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/utensil/awesome-stars-test "
      },
      {
        "title": "insecure-cplusplus-dojo",
        "trust": 0.1,
        "url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/jubalh/awesome-package-maintainer "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/elnatty/tryhackme_labs "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hzuiw33/openssl "
      },
      {
        "title": "makeItBleed",
        "trust": 0.1,
        "url": "https://github.com/mcampa/makeitbleed "
      },
      {
        "title": "CVE-2014-0160-Chrome-Plugin",
        "trust": 0.1,
        "url": "https://github.com/xyl2k/cve-2014-0160-chrome-plugin "
      },
      {
        "title": "heartbleedfixer.com",
        "trust": 0.1,
        "url": "https://github.com/reenhanced/heartbleedfixer.com "
      },
      {
        "title": "CVE-2014-0160-Scanner",
        "trust": 0.1,
        "url": "https://github.com/obayesshelton/cve-2014-0160-scanner "
      },
      {
        "title": "openmagic",
        "trust": 0.1,
        "url": "https://github.com/isgroup-srl/openmagic "
      },
      {
        "title": "heartbleeder",
        "trust": 0.1,
        "url": "https://github.com/titanous/heartbleeder "
      },
      {
        "title": "cardiac-arrest",
        "trust": 0.1,
        "url": "https://github.com/ah8r/cardiac-arrest "
      },
      {
        "title": "heartbleed_openvpn_poc",
        "trust": 0.1,
        "url": "https://github.com/tam7t/heartbleed_openvpn_poc "
      },
      {
        "title": "docker-wheezy-with-heartbleed",
        "trust": 0.1,
        "url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
      },
      {
        "title": "docker-testssl",
        "trust": 0.1,
        "url": "https://github.com/mbentley/docker-testssl "
      },
      {
        "title": "heartbleedscanner",
        "trust": 0.1,
        "url": "https://github.com/hybridus/heartbleedscanner "
      },
      {
        "title": "HeartLeak",
        "trust": 0.1,
        "url": "https://github.com/offensivepython/heartleak "
      },
      {
        "title": "HBL",
        "trust": 0.1,
        "url": "https://github.com/ssc-oscar/hbl "
      },
      {
        "title": "awesome-stars",
        "trust": 0.1,
        "url": "https://github.com/utensil/awesome-stars "
      },
      {
        "title": "SecurityTesting_web-hacking",
        "trust": 0.1,
        "url": "https://github.com/mostakimur/securitytesting_web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/winterwolf32/awesome-web-hacking "
      },
      {
        "title": "awesome-web-hacking-1",
        "trust": 0.1,
        "url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mehedi-babu/ethical_hacking_cyber "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/thanshurc/awesome-web-hacking "
      },
      {
        "title": "hack",
        "trust": 0.1,
        "url": "https://github.com/nvnpsplt/hack "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/noname1007/awesome-web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imranthethirdeye/awesome-web-hacking "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/ondrik8/web-hacking "
      },
      {
        "title": "CheckSSL-ciphersuite",
        "trust": 0.1,
        "url": "https://github.com/kal1gh0st/checkssl-ciphersuite "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/undacmic/heartbleed-demo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mre-fog/ssl-heartbleed.nse "
      },
      {
        "title": "welivesecurity",
        "trust": 0.1,
        "url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://heartbleed.com/"
      },
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
      },
      {
        "trust": 1.9,
        "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/720951"
      },
      {
        "trust": 1.9,
        "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
      },
      {
        "trust": 1.9,
        "url": "http://advisories.mageia.org/mgasa-2014-0165.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
      },
      {
        "trust": 1.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
      },
      {
        "trust": 1.1,
        "url": "http://www.openssl.org/news/secadv_20140407.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030078"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/109"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/190"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030082"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57347"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030077"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2896"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030080"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030074"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/90"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030081"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/91"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57483"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaamb3"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030079"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57721"
      },
      {
        "trust": 1.1,
        "url": "http://www.blackberry.com/btsc/kb35882"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030026"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66690"
      },
      {
        "trust": 1.1,
        "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
      },
      {
        "trust": 1.1,
        "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57966"
      },
      {
        "trust": 1.1,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/173"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57968"
      },
      {
        "trust": 1.1,
        "url": "http://www.exploit-db.com/exploits/32745"
      },
      {
        "trust": 1.1,
        "url": "http://www.exploit-db.com/exploits/32764"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57836"
      },
      {
        "trust": 1.1,
        "url": "https://gist.github.com/chapmajs/10473815"
      },
      {
        "trust": 1.1,
        "url": "http://cogentdatahub.com/releasenotes.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
      },
      {
        "trust": 1.1,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "trust": 1.1,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.1,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
      },
      {
        "trust": 1.1,
        "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59347"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59243"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59139"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.citrix.com/article/ctx140605"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2165-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
      },
      {
        "trust": 1.1,
        "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
      },
      {
        "trust": 1.1,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.9,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-135-04"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-135-05"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-114-01"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-126-01"
      },
      {
        "trust": 0.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-128-01"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-344-01"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2014/at140013.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/ta/jvnta99041988/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94401838/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0160"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ncas/alerts/ta15-119a"
      },
      {
        "trust": 0.8,
        "url": "http://www.cente.jp/article/release/483.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=8"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc6520"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf"
      },
      {
        "trust": 0.7,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.7,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.7,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "http://support.openview.hp.com/downloads.jsp"
      },
      {
        "trust": 0.3,
        "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
      },
      {
        "trust": 0.3,
        "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
      },
      {
        "trust": 0.3,
        "url": "https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/"
      },
      {
        "trust": 0.3,
        "url": "http://pyyaml.org/wiki/libyaml"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0353.html"
      },
      {
        "trust": 0.3,
        "url": "http://puppetlabs.com/security/cve/cve-2014-2525"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0354.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0355.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.2,
        "url": "http://www8.hp.com/us/en/software-so"
      },
      {
        "trust": 0.2,
        "url": "http://www8.h"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2019/jan/42"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2896"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2165-1/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00064"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00112"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00114"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00065"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00109"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00059"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00061"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00111"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00060"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00110"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00066"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagcol_00062"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00062"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagprb_00113"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/diagsrv_00063"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km00843525"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201404-07.xml"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2014/140"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-mxp"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "126056"
      },
      {
        "db": "PACKETSTORM",
        "id": "126086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126236"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "126056"
      },
      {
        "db": "PACKETSTORM",
        "id": "126086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126236"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "date": "2014-03-26T00:00:00",
        "db": "BID",
        "id": "66478"
      },
      {
        "date": "2014-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "date": "2014-06-09T20:24:25",
        "db": "PACKETSTORM",
        "id": "126993"
      },
      {
        "date": "2014-05-23T13:14:00",
        "db": "PACKETSTORM",
        "id": "126785"
      },
      {
        "date": "2014-04-15T23:00:43",
        "db": "PACKETSTORM",
        "id": "126161"
      },
      {
        "date": "2014-04-23T21:26:11",
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "date": "2014-05-03T02:17:11",
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "date": "2014-04-17T22:03:30",
        "db": "PACKETSTORM",
        "id": "126203"
      },
      {
        "date": "2014-05-02T23:02:22",
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2014-04-08T21:22:19",
        "db": "PACKETSTORM",
        "id": "126056"
      },
      {
        "date": "2014-04-09T22:48:55",
        "db": "PACKETSTORM",
        "id": "126086"
      },
      {
        "date": "2014-05-01T02:18:26",
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "date": "2014-04-21T19:51:58",
        "db": "PACKETSTORM",
        "id": "126236"
      },
      {
        "date": "2014-04-07T22:55:03.893000",
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "date": "2017-05-02T04:07:00",
        "db": "BID",
        "id": "66478"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      },
      {
        "date": "2024-07-02T16:52:39.560000",
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  heartbeat Information disclosure vulnerability in expansion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001920"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1261
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  2. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00967144 Version: 1

HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-04-12 Last Updated: 2007-04-12

Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1261",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar410v2"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar450s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar550s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar570s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar740"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "ridoc document router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "pro v2"
      },
      {
        "model": "ridoc document router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v3"
      },
      {
        "model": "ridoc document router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v4"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "ep v1"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "ep v2"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v1 type h"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v2 type h"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v3"
      },
      {
        "model": "ridoc document server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v3 ad"
      },
      {
        "model": "ridoc document system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "image log options  v1"
      },
      {
        "model": "ridoc io operationserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "pro"
      },
      {
        "model": "ridoc io operationserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "device operation management utility"
      },
      {
        "model": "ridoc print linkage",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "ridoc web navigator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v2"
      },
      {
        "model": "ridoc web navigator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ricoh",
        "version": "v3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "fitelnet-f series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": "fitelnet-f3000"
      },
      {
        "model": "fitelnet-f series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": "fitelnet-f40"
      },
      {
        "model": "fitelnet-f series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": "fitelnet-f80/f100/f120/f1000"
      },
      {
        "model": "mucho series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": "mucho-ev/pk"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2940",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-04-12\nLast Updated: 2007-04-12\n\nPotential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      }
    ],
    "trust": 4.5
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#423396",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "TA07-017A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200609-1261",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-07-04T20:24:05.364000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "RSA \u516c\u958b\u9375\u306b\u3088\u308b\u8106\u5f31\u6027\uff08Parasitic Public Key\uff09\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.furukawa.co.jp/fitelnet/topic/x509b_attacks.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "openssl096b (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=460"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "NISCC-729618",
        "trust": 0.8,
        "url": "http://www.ricoh.co.jp/ridoc_ds/rds/download/ridoc_dos.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-729618/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-017a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-017a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2940"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/423396"
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000593"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0998
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0998",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200609-0998",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-05-25T20:18:12.504000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0995
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: OpenOffice.org 3 Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38568

VERIFY ADVISORY: http://secunia.com/advisories/38568/

DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.

1) The included libxml2 library fails to properly verify signatures.

This is related to: SA21709

2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature.

For more information: SA35854

3) An error in the included MSVC Runtime package can be exploited to bypass certain security features.

For more information see vulnerability #2 in: SA35967

4) An error in the processing XPM files can be exploited to potentially execute arbitrary code.

5) An error in the processing GIF files can be exploited to potentially execute arbitrary code.

6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code.

SOLUTION: Update to version 3.2.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen

ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html

OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/

SA35854: http://secunia.com/advisories/35854/

SA35967: http://secunia.com/advisories/35967/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00794048 Version: 1

HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2006-10-31 Last Updated: 2006-10-31

Potential Security Impact: Remote Unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access.

References: CVE-2006-4339

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy.

BACKGROUND

The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report.

Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.

AFFECTED VERSIONS

HP-UX B.11.04 Virtualvault A.04.70

VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent

HP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X)

VaultWS.WS-CORE action: install PHSS_35436 or subsequent

HP-UX B.11.04 Virtualvault A.04.60

VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent

HP-UX B.11.04 Virtualvault A.04.50

VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-IWS-JK VaultTS.VV-CORE-CMN action: install PHSS_35461, PHSS_35458 or subsequent

HP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x)

HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35437 or subsequent

HP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x)

HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35111 or subsequent

HP-UX B.11.04 HP Webproxy A.02.00

HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35110 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP is making the following patches available to resolve this issue. The patches are available for download from http://itrc.hp.com

For B.11.04 HP has made the following patches available: PHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update PHSS_35460 Virtualvault 4.7 IWS update PHSS_35481 Virtualvault 4.7 TGP update PHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update PHSS_35462 Virtualvault 4.6 OWS update PHSS_35459 Virtualvault 4.6 IWS update PHSS_35480 Virtualvault 4.6 TGP update PHSS_35461 Virtualvault 4.5 OWS update PHSS_35458 Virtualvault 4.5 IWS update PHSS_35437 Webproxy server 2.1 (Apache 2.x) update PHSS_35111 Webproxy server 2.1 (Apache 1.x) update PHSS_35110 Webproxy server 2.0 update

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

MANUAL ACTIONS: No

HISTORY Version: 1 (rev.1) 31 October 2006 Initial release

Third Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA& langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW, MA = HP Management Agents, MI = Misc. 3rd party SW, MP = HP MPE/iX, NS = HP NonStop Servers, OV = HP OpenVMS, PI = HP Printing & Imaging, ST = HP Storage SW, TL = HP Trusted Linux, TU = HP Tru64 UNIX, UX = HP-UX, VV = HP Virtual Vault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

(c)Copyright 2006 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0995",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Bleichenbacher reported this issue to the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org 3 Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38568\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38568/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to bypass certain security\nrestrictions, conduct spoofing attacks, or compromise a user\u0027s\nsystem. \n\n1) The included libxml2 library fails to properly verify signatures. \n\nThis is related to:\nSA21709\n\n2) An error in the included libxmlsec library can be exploited to\npotentially forge a valid signature. \n\nFor more information:\nSA35854\n\n3) An error in the included MSVC Runtime package can be exploited to\nbypass certain security features. \n\nFor more information see vulnerability #2 in:\nSA35967\n\n4) An error in the processing XPM files can be exploited to\npotentially execute arbitrary code. \n\n5) An error in the processing GIF files can be exploited to\npotentially execute arbitrary code. \n\n6) An error in the processing of Word documents can be exploited to\npotentially execute arbitrary code. \n\nSOLUTION:\nUpdate to version 3.2. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n4) Sebastian Apelt of siberas\n5) Frank Rei\\xdfner and Sebastian Apelt of siberas\n6) Nicolas Joly of Vupen\n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2006-4339.html\nhttp://www.openoffice.org/security/cves/CVE-2009-0217.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2493.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2949.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2950.html\nhttp://www.openoffice.org/security/cves/CVE-2009-3301-3302.html\n\nOTHER REFERENCES:\nSA21709:\nhttp://secunia.com/advisories/21709/\n\nSA35854:\nhttp://secunia.com/advisories/35854/\n\nSA35967:\nhttp://secunia.com/advisories/35967/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00794048\nVersion: 1\n\nHPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2006-10-31\nLast Updated: 2006-10-31\n\n\nPotential Security Impact: Remote Unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. \n\nReferences: CVE-2006-4339\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy. \n\nBACKGROUND\n\nThe OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report. \n\nNote: To determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.04 Virtualvault A.04.70 \n=========================== \nVaultWS.WS-CORE \nVaultTS.VV-IWS \nVaultTS.VV-CORE-CMN \nVaultTGP.TGP-CORE \naction: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent \n\nHP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X) \n==================================== \nVaultWS.WS-CORE \naction: install PHSS_35436 or subsequent \n\nHP-UX B.11.04 Virtualvault A.04.60 \n=========================== \nVaultWS.WS-CORE \nVaultTS.VV-IWS \nVaultTS.VV-CORE-CMN \nVaultTGP.TGP-CORE \naction: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent \n\nHP-UX B.11.04 Virtualvault A.04.50 \n=========================== \nVaultWS.WS-CORE \nVaultTS.VV-IWS \nVaultTS.VV-IWS-JK \nVaultTS.VV-CORE-CMN \naction: install PHSS_35461, PHSS_35458 or subsequent \n\nHP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x) \n============================ \nHP_Webproxy.HPWEB-PX-CORE \naction: install PHSS_35437 or subsequent \n\nHP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x) \n============================ \nHP_Webproxy.HPWEB-PX-CORE \naction: install PHSS_35111 or subsequent \n\nHP-UX B.11.04 HP Webproxy A.02.00 \n============================ \nHP_Webproxy.HPWEB-PX-CORE \naction: install PHSS_35110 or subsequent \n\nEND AFFECTED VERSIONS \n\n\n\nRESOLUTION\n\nHP is making the following patches available to resolve this issue. \nThe patches are available for download from http://itrc.hp.com \n\nFor B.11.04 HP has made the following patches available: \nPHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update \nPHSS_35460 Virtualvault 4.7 IWS update \nPHSS_35481 Virtualvault 4.7 TGP update \nPHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update \nPHSS_35462 Virtualvault 4.6 OWS update \nPHSS_35459 Virtualvault 4.6 IWS update \nPHSS_35480 Virtualvault 4.6 TGP update \nPHSS_35461 Virtualvault 4.5 OWS update \nPHSS_35458 Virtualvault 4.5 IWS update \nPHSS_35437 Webproxy server 2.1 (Apache 2.x) update \nPHSS_35111 Webproxy server 2.1 (Apache 1.x) update \nPHSS_35110 Webproxy server 2.0 update \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA \n\nMANUAL ACTIONS: No \n\nHISTORY Version: 1 (rev.1) 31 October 2006 Initial release \n\nThird Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services\nsupport channel. \n\nReport: To report a potential security vulnerability with any HP\nsupported product, send Email to: security-alert@hp.com.  It is\nstrongly recommended that security related information being\ncommunicated to HP be encrypted using PGP, especially exploit\ninformation.  To get the security-alert PGP key, please send an\ne-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP\nSecurity Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026\nlangcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\n\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and\n    continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and\n    save. \n\nTo update an existing subscription:\nhttp://h30046.www3.hp.com/subSignIn.php\nLog in on the web page:\n  Subscriber\u0027s choice for Business: sign-in. \nOn the web page:\n  Subscriber\u0027s Choice: your profile summary\n    - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit:\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters of the\nBulletin number in the title:\n\n    GN = HP General SW,\n    MA = HP Management Agents,\n    MI = Misc. 3rd party SW,\n    MP = HP MPE/iX,\n    NS = HP NonStop Servers,\n    OV = HP OpenVMS,\n    PI = HP Printing \u0026 Imaging,\n    ST = HP Storage SW,\n    TL = HP Trusted Linux,\n    TU = HP Tru64 UNIX,\n    UX = HP-UX,\n    VV = HP Virtual Vault\n\n\nSystem management and security procedures must be reviewed\nfrequently to maintain system integrity. HP is continually\nreviewing and enhancing the security features of software products\nto provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to\nbring to the attention of users of the affected HP products the\nimportant security information contained in this Bulletin. HP\nrecommends that all users determine the applicability of this\ninformation to their individual situations and take appropriate\naction. HP does not warrant that this information is necessarily\naccurate or complete for all user situations and, consequently, HP\nwill not be responsible for any damages resulting from user\u0027s use\nor disregard of the information provided in this Bulletin. To the\nextent permitted by law, HP disclaims all warranties, either\nexpress or implied, including the warranties of merchantability\nand fitness for a particular purpose, title and non-infringement.\"\n\n\n(c)Copyright 2006 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or\neditorial errors or omissions contained herein. The information\nprovided is provided \"as is\" without warranty of any kind. To the\nextent permitted by law, neither HP nor its affiliates,\nsubcontractors or suppliers will be liable for incidental, special\nor consequential damages including downtime cost; lost profits;\ndamages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without\nnotice. Hewlett-Packard Company and the names of Hewlett-Packard\nproducts referenced herein are trademarks of Hewlett-Packard\nCompany in the United States and other countries. Other product\nand company names mentioned herein may be trademarks of their\nrespective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "86249"
      },
      {
        "db": "PACKETSTORM",
        "id": "51624"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86249",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51624",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "86249"
      },
      {
        "db": "PACKETSTORM",
        "id": "51624"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200609-0995",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-03-07T21:38:05.856000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.4,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2493.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-0217.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38568/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35854/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-3301-3302.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2950.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2949.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35967/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://itrc.hp.com"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "86249"
      },
      {
        "db": "PACKETSTORM",
        "id": "51624"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "86249"
      },
      {
        "db": "PACKETSTORM",
        "id": "51624"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2010-02-12T15:35:11",
        "db": "PACKETSTORM",
        "id": "86249"
      },
      {
        "date": "2006-11-03T02:10:30",
        "db": "PACKETSTORM",
        "id": "51624"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  }
}

var-201506-0497
Vulnerability from variot

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. OpenSSL is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).

HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.

Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

http://www.hp.com/jp/icewall_patchaccess

Note: The HP IceWall product is only available in Japan.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:1115-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1115.html Issue date: 2015-06-15 CVE Names: CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Böck as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Käsper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time 1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent 1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function 1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.11.ppc.rpm openssl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.11.s390.rpm openssl-1.0.1e-30.el6_6.11.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-devel-1.0.1e-30.el6_6.11.s390.rpm openssl-devel-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-static-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-perl-1.0.1e-30.el6_6.11.s390x.rpm openssl-static-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

ppc64: openssl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-1.0.1e-42.el7_1.8.s390x.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-devel-1.0.1e-42.el7_1.8.s390.rpm openssl-devel-1.0.1e-42.el7_1.8.s390x.rpm openssl-libs-1.0.1e-42.el7_1.8.s390.rpm openssl-libs-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.ael7b_1.8.src.rpm

ppc64le: openssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-static-1.0.1e-42.el7_1.8.ppc.rpm openssl-static-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-perl-1.0.1e-42.el7_1.8.s390x.rpm openssl-static-1.0.1e-42.el7_1.8.s390.rpm openssl-static-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-1789 https://access.redhat.com/security/cve/CVE-2015-1790 https://access.redhat.com/security/cve/CVE-2015-1791 https://access.redhat.com/security/cve/CVE-2015-1792 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150611.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk ZyXizCcFL9oAQexObjxp/Mo= =PXiY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The fix was developed by Matt Caswell of the OpenSSL development team. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0497",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational automation framework ifix4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cms r16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational automation framework ifix5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.15"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.8"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "screenos 6.3.0r19",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cloud manager fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.12"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "cloud manager if fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.252"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloud manager if fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.144"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.1"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "rational automation framework ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1790",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-1790",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1790",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-246",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1790",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The vulnerabilities could be exploited remotely\nresulting in Denial of Service (DoS). \n\n  HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please apply the\nlatest OS vendor security patches for OpenSSL and switch to the OpenSSL\nlibrary bundled with the OS. \n\n  Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n    http://www.hp.com/jp/icewall_patchaccess\n\n  Note: The HP IceWall product is only available in Japan. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:1115-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1115.html\nIssue date:        2015-06-15\nCVE Names:         CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 \n                   CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a DTLS\nserver or client using OpenSSL to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL. This\nissue could possibly cause a multi-threaded TLS/SSL client using OpenSSL\nto double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax\n(CMS) messages. A CMS message with an unknown hash function identifier\ncould cause an application using OpenSSL to enter an infinite loop. \n(CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash. \n(CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan\nFratric as the original reporters of CVE-2014-8176, Robert Swiecki and\nHanno B\u00f6ck as the original reporters of CVE-2015-1789, Michal Zalewski as\nthe original reporter of CVE-2015-1790, Emilia K\u00e4sper as the original\nreport of  CVE-2015-1791 and Johannes Bauer as the original reporter of\nCVE-2015-1792. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time\n1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent\n1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function\n1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nppc64:\nopenssl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.ael7b_1.8.src.rpm\n\nppc64le:\nopenssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8176\nhttps://access.redhat.com/security/cve/CVE-2015-1789\nhttps://access.redhat.com/security/cve/CVE-2015-1790\nhttps://access.redhat.com/security/cve/CVE-2015-1791\nhttps://access.redhat.com/security/cve/CVE-2015-1792\nhttps://access.redhat.com/security/cve/CVE-2015-3216\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk\nZyXizCcFL9oAQexObjxp/Mo=\n=PXiY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The\nfix was developed by Matt Caswell of the OpenSSL development team. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "75157",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132637",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132313",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "id": "VAR-201506-0497",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-06-17T11:09:37.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1790",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1790"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/75157"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966252"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101013879"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012547"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75157"
      },
      {
        "date": "2015-07-10T15:43:15",
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-15T23:37:59",
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "date": "2015-06-12T19:59:03.413000",
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "date": "2017-05-23T16:28:00",
        "db": "BID",
        "id": "75157"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "date": "2022-12-13T12:15:15.290000",
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 PKCS7_dataDecode \u0027function denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.6
  }
}

var-200502-0025
Vulnerability from variot

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: gzip Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21996

VERIFY ADVISORY: http://secunia.com/advisories/21996/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE:

From remote

SOFTWARE: gzip 1.x http://secunia.com/product/4220/

DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file.

3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table.

4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file.

The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected.

SOLUTION: Do not unpack untrusted archive files.

PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team

ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780

US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508

US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548

US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712

US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               National Cyber Alert System

        Technical Cyber Security Alert TA06-333A

Apple Releases Security Update to Address Multiple Vulnerabilities

Original release date: November 29, 2006 Last revised: -- Source: US-CERT

Systems Affected

 * Apple Mac OS X version 10.3.x and 10.4.x
 * Apple Mac OS X Server version 10.3.x and 10.4.x
 * Apple Safari web browser

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

Overview

Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed.

I. Description

Apple Security Update 2006-007 addresses a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the related vulnerability notes.

This security update also addresses previously known vulnerabilities in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The OpenSSL vulnerabilities are documented in multiple vulnerability notes. Information is also available through the OpenSSL vulnerabilities page. Information about the vulnerabilities in gzip is available in a series of vulnerability notes.

II. Impact

The impacts of these vulnerabilities vary. For specific details, see the appropriate vulnerability notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

III. Solution

Install updates

Install Apple Security Update 2006-007. This and other updates are available via Apple Update or via Apple Downloads.

IV. References

 * Vulnerability Notes for Apple Security Update 2006-007 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>

 * Vulnerability Notes for OpenSSL Security Advisory [28th September
   2006] -

http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928

 * Vulnerability Note VU#845620 -
   <http://www.kb.cert.org/vuls/id/845620>

 * Vulnerability Note VU#933712 -
   <http://www.kb.cert.org/vuls/id/933712>

 * Vulnerability Note VU#381508 -
   <http://www.kb.cert.org/vuls/id/381508>

 * Vulnerability Note VU#554780 -
   <http://www.kb.cert.org/vuls/id/554780>

 * Vulnerability Note VU#596848 -
   <http://www.kb.cert.org/vuls/id/596848>

 * Vulnerability Note VU#773548 -
   <http://www.kb.cert.org/vuls/id/773548>

 * About the security content of Security Update 2006-007 -
   <http://docs.info.apple.com/article.html?artnum=304829>

 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>

 * Apple Downloads - <http://www.apple.com/support/downloads/>

 * OpenSSL: OpenSSL vulnerabilities -
   <http://www.openssl.org/news/vulnerabilities.html>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-333A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-333A Feedback VU#191336" in the subject.

Produced 2006 by US-CERT, a government organization.

Terms of use:

http://www.us-cert.gov/legal.html

Revision History

November 29, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6 lJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz iN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7 xr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf 8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q A580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg== =f7N+ -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200502-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": "mandrake linux corporate server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": "10.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gentoo",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "mandrake multi network firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "8.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "9.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "fedora core3",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.1"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "integrated management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.1"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The individual or individuals responsible for the discovery of this issue is currently unknown; Trustix security engineers are credited with these discoveries.",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-0975",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2004-0975",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-9405",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0975",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#773548",
            "trust": 0.8,
            "value": "1.57"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200502-020",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9405",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability.  This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. \nAn attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.  Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\ngzip Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21996\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21996/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\ngzip 1.x\nhttp://secunia.com/product/4220/\n\nDESCRIPTION:\nTavis Ormandy has reported some vulnerabilities in gzip, which can be\nexploited by malicious people to cause a DoS (Denial of Service) and\npotentially compromise a vulnerable system. \n\n1) A boundary error within the \"make_table()\" function in unlzh.c can\nbe used to modify certain stack data. tricking\na user or automated system into unpacking a specially crafted archive\nfile. tricking a user  or\nautomated system into unpacking a specially crafted \"pack\" archive\nfile. \n\n3) A buffer overflow within the \"make_table()\" function of gzip\u0027s LZH\nsupport can be exploited to cause a DoS and potentially to compromise\na vulnerable system by e.g. tricking a user or automated system into\nunpacking an archive containing a specially crafted decoding table. \n\n4) A NULL pointer dereference within the \"huft_build()\" function and\nan infinite loop within the LZH handling can be exploited to cause a\nDoS by e.g. tricking a user or automated system into unpacking a\nspecially crafted archive file. \n\nThe vulnerabilities have been reported in version 1.3.5. Other\nversions may also be affected. \n\nSOLUTION:\nDo not unpack untrusted archive files. \n\nPROVIDED AND/OR DISCOVERED BY:\nTavis Ormandy, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676\n\nOTHER REFERENCES:\nUS-CERT VU#554780:\nhttp://www.kb.cert.org/vuls/id/554780\n\nUS-CERT VU#381508:\nhttp://www.kb.cert.org/vuls/id/381508\n\nUS-CERT VU#773548:\nhttp://www.kb.cert.org/vuls/id/773548\n\nUS-CERT VU#933712:\nhttp://www.kb.cert.org/vuls/id/933712\n\nUS-CERT VU#596848\nhttp://www.kb.cert.org/vuls/id/596848\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                   National Cyber Alert System\n\n            Technical Cyber Security Alert TA06-333A\n\n\nApple Releases Security Update to Address Multiple Vulnerabilities\n\n   Original release date: November 29, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Apple Mac OS X version 10.3.x and 10.4.x\n     * Apple Mac OS X Server version 10.3.x and 10.4.x\n     * Apple Safari web browser\n\n   These vulnerabilities affect both Intel-based and PowerPC-based Apple\n   systems. \n\n\nOverview\n\n   Apple has released Security Update 2006-007 to correct multiple\n   vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web\n   browser. Vulnerabilities in OpenSSL, gzip, and other products are also\n   addressed. \n\n\nI. Description\n\n   Apple Security Update 2006-007 addresses a number of vulnerabilities\n   affecting Mac OS X, OS X Server, Safari web browser, and other\n   products. Further details are available in the related vulnerability\n   notes. \n\n   This security update also addresses previously known vulnerabilities\n   in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The\n   OpenSSL vulnerabilities are documented in multiple vulnerability\n   notes. Information is also available through the OpenSSL\n   vulnerabilities page. Information about the vulnerabilities in gzip is\n   available in a series of vulnerability notes. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For specific details, see\n   the appropriate vulnerability notes. Potential consequences include\n   remote execution of arbitrary code or commands, bypass of security\n   restrictions, and denial of service. \n\n\nIII. Solution\n\nInstall updates\n\n   Install Apple Security Update 2006-007. This and other updates are\n   available via Apple Update or via Apple Downloads. \n\n\nIV. References\n\n     * Vulnerability Notes for Apple Security Update 2006-007 -\n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e\n\n     * Vulnerability Notes for OpenSSL Security Advisory [28th September\n       2006] -\n\u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e\n\n     * Vulnerability Note VU#845620 -\n       \u003chttp://www.kb.cert.org/vuls/id/845620\u003e\n\n     * Vulnerability Note VU#933712 -\n       \u003chttp://www.kb.cert.org/vuls/id/933712\u003e\n\n     * Vulnerability Note VU#381508 -\n       \u003chttp://www.kb.cert.org/vuls/id/381508\u003e\n\n     * Vulnerability Note VU#554780 -\n       \u003chttp://www.kb.cert.org/vuls/id/554780\u003e\n\n     * Vulnerability Note VU#596848 -\n       \u003chttp://www.kb.cert.org/vuls/id/596848\u003e\n\n     * Vulnerability Note VU#773548 -\n       \u003chttp://www.kb.cert.org/vuls/id/773548\u003e\n\n     * About the security content of Security Update 2006-007 -\n       \u003chttp://docs.info.apple.com/article.html?artnum=304829\u003e\n\n     * Mac OS X: Updating your software -\n       \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n     * Apple Downloads - \u003chttp://www.apple.com/support/downloads/\u003e\n\n     * OpenSSL: OpenSSL vulnerabilities -\n       \u003chttp://www.openssl.org/news/vulnerabilities.html\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Safari\u003e\n\n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-333A.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-333A Feedback VU#191336\" in the\n subject. \n _________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n   \u003chttp://www.us-cert.gov/legal.html\u003e\n\n _________________________________________________________________\n\n   Revision History\n\n   November 29, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6\nlJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz\niN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7\nxr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf\n8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q\nA580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg==\n=f7N+\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      }
    ],
    "trust": 5.04
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11293",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "12973",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "17583",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548",
        "trust": 1.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2007.0014",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374",
        "trust": 0.8
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200411-15",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:164",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-603",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:476",
        "trust": 0.6
      },
      {
        "db": "TRUSTIX",
        "id": "2004-0050",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#554780",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#933712",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#596848",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#381508",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "21996",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50178",
        "trust": 0.1
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52708",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "id": "VAR-200502-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:14:37.244000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "title": "RHSA-2005:476",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-476.html"
      },
      {
        "title": "TLSA-2005-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/tlsa-2005-14.txt"
      },
      {
        "title": "RHSA-2005:476",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-476j.html"
      },
      {
        "title": "TLSA-2005-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/tlsa-2005-14j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/11293"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.7,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-603"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-476.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12973"
      },
      {
        "trust": 1.7,
        "url": "http://www.trustix.org/errata/2004/0050"
      },
      {
        "trust": 1.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/17583"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10621"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a164"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.gzip.org/"
      },
      {
        "trust": 0.8,
        "url": "http://www.auscert.org.au/7179"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0975"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0975"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/12973/"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:164"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-170.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-476.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/554780"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/381508"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4220/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/773548"
      },
      {
        "trust": 0.1,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/933712"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/596848"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21996/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/845620\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/773548\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/933712\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/596848\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/vulnerabilities.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304829\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/381508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/554780\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2005-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "date": "2004-09-30T00:00:00",
        "db": "BID",
        "id": "11293"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "date": "2006-09-21T23:56:25",
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "date": "2006-12-06T02:47:36",
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "date": "2005-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "date": "2005-02-09T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "date": "2009-07-12T07:06:00",
        "db": "BID",
        "id": "11293"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "date": "2017-10-11T01:29:39.230000",
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  }
}

var-201403-0514
Vulnerability from variot

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. OpenSSL is prone to an information-disclosure weakness. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-14:06.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-04-08 Affects: All supported versions of FreeBSD. Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE) 2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1) 2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE) 2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4) 2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11) 2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE) 2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8) 2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15) CVE Name: CVE-2014-0076, CVE-2014-0160

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

  1. Revision History

v1.0 2014-04-08 Initial release. v1.1 2014-04-08 Added patch applying step in Solutions section.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography. OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication in a fixed amount of time, which does not leak any information through timing or power.

II. Problem Description

The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. [CVE-2014-0160]. Affects FreeBSD 10.0 only.

A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. [CVE-2014-0076]

III. Impact

An attacker who can send a specifically crafted packet to TLS server or client with an established connection can reveal up to 64k of memory of the remote system. Such memory might contain sensitive information, including key material, protected content, etc. which could be directly useful, or might be leveraged to obtain elevated privileges. [CVE-2014-0160]

A local attacker might be able to snoop a signing process and might recover the signing key from it. [CVE-2014-0076]

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols implementation and do not use the ECDSA implementation from OpenSSL are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.x and FreeBSD 9.x]

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc

gpg --verify openssl.patch.asc

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

IMPORTANT: the update procedure above does not update OpenSSL from the Ports Collection or from a package, known as security/openssl, which has to be updated separately via ports or package.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r264285 releng/8.3/ r264284 releng/8.4/ r264284 stable/9/ r264285 releng/9.1/ r264284 releng/9.2/ r264284 stable/10/ r264266 releng/10.0/ r264267

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTRJySAAoJEO1n7NZdz2rnzPcQALd6So7vDRBaYiaGwQjc55oI QwTnNzkkgxVTGwi8lDV6h8bIW3Ga8AhMGoZCVOeKbDABBDghVYe6Na5e/wsHbPPu tXmDRhoi2aV0sVCTFfpoCNJ8l2lb+5vnmEC6Oi3PMQDbRC+Ptg15o0W/2hXw0eKO yu4BhS4dl6lX7IvlR1n4sr0rfa8vwxe5OpUUd6Bzw0SUBmV+BTzq1C70FuOZ/hnD ThaZS8Ox3fcWuPylhPbhxnWqg0oVNkBpiRYpIBadrpl9EiRRzbTfF+uFvauR9tBN 1mK8lLwd7DK6x8iCSnDd2ZlN1rNn8EPsGohT4vP+szz2E2YP1x8ugihEBdYax+Dh Z4TWkm3/wJwEf00G32E1hZ8F+UavE8AmnGVk6gxiRpnv2sdNJYRlWd9O8u251qMq uzcmBX6Jr14dQCwlqof8pYKYV7VCE/Cu4JHThOCL042CLwUmXyJVMFzm6WPQlNjC dlPbSG+PXjninPjcYBoMR+863X35Guv0pJBNG/ofEh+Jy5MveaMRQX/mA+wy29zm qg74lM07adXkJujPAuA5dYjZivpW1NPOHeIjaYjaI6KDw2q3BlkGa2C3PeYDQxn4 Iqujqpem5nyQY4BO2XC8gVtuym0jDSA98bgFXumNDkmzlUUuOFOWD8YScLopOzOu EpUXgezogk1Rd3EVsaJ+ =UBO0 -----END PGP SIGNATURE----- . OpenSSL Security Advisory [05 Jun 2014] ========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)

A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

Anonymous ECDH denial of service (CVE-2014-3470)

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional details over time. The following Common Vulnerabilities and Exposures project ids identify them:

CVE-2010-5298

A read buffer can be freed even when it still contains data that is

used later on, leading to a use-after-free.

CVE-2014-0076

ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD

cache side-channel attack.

A third issue, with no CVE id, is the missing detection of the "critical" flag for the TSA extended key usage under certain cases.

Additionally, this update checks for more services that might need to be restarted after upgrades of libssl, corrects the detection of apache2 and postgresql, and adds support for the 'libraries/restart-without-asking' debconf configuration. This allows services to be restarted on upgrade without prompting.

The oldstable distribution (squeeze) is not affected by CVE-2010-5298 and it might be updated at a later time to address the remaining vulnerabilities.

For the testing distribution (jessie), these problems will be fixed soon. The updates are available from the following location using ftp:

ftp://srt03046:Secure12@ftp.usa.hp.com

User name: srt03046 Password: Secure12 ( NOTE: Case sensitive)

HP-UX Release HP-UX OpenSSL version

B.11.11 (11i v1) A.00.09.08za.001_HP-UX_B.11.11_32+64.depot

B.11.23 (11i v2) A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08za or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.

HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date.

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. HP System Management Homepage versions 7.3.2 and earlier for Linux and Windows. HP System Management Homepage v7.2.4.1 is available for Windows 2003 only.

HP System Management Homepage v7.2.4.1 for Windows x86: http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702

HP System Management Homepage v7.2.4.1 for Windows x64: http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704

HP System Management Homepage v7.3.3.1 for Windows x86: http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696

HP System Management Homepage v7.3.3.1 for Windows x64: http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698

HP System Management Homepage v7.3.3.1 for Linux x86: http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694

HP System Management Homepage v7.3.3.1 for Linux x64: http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693

NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224.

Release Date: 2014-07-23 Last Updated: 2014-07-23

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

References:

CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101647

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to v7.3.2 of HP Insight Control server migration to resolve these vulnerabilities by upgrading to version 7.3.3. Please note that version 7.3.3 of HP Insight Control server migration is included on the HP Insight Management 7.3 Update 2 DVD.

HP has provided the installation binaries for download from the following web site by using the Receive for free option:

http://h18013.www1.hp.com/products/servers/management/fpdownload.html

Customers using HP Insight Control server migration v7.2.2 must first upgrade from v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then upgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD.

Customers running HP Insight Control server migration v7.3, v7.3.1, or v7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to complete the upgrade.

For more information on the upgrade process, please refer to the HP Insight Management Installation and Upgrade Guide and Release notes, which are available at the following location:

http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind ex.aspx?cat=insightmanagement

NOTE: The upgrade paths described above update the entire HP Insight Control software stack. To upgrade HP Insight Control server migration only, complete the following steps:

Copy "hpsmp.exe" to the local machine from the HP Insight Management v7.3.0 Update 2 DVD ISO. Create batch file with the following commands: @echo off hpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch Copy the batch file to the folder where "hpsmp.exe" normally resides on the target system. Double click on the batch file. The HP Insight Control server migration installation starts in a command prompt. The command prompt closes when the installation finishes. After the installation completes it creates a log file (ICmigr.log) and an output file (ICmigroutput.xml) on the target system. Do not close or click on the command prompt while the process is completing. Do not run the command prompt in the background.

HISTORY Version:1 (rev.1) - 23 July 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:

apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049

Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero

CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero

IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam

IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero

Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero

Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero

OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. CVE-ID CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470

QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative

QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525

Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367

OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----

. These vulnerabilities include:

  • The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.

  • HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5

  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2010-5298
  4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
  4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVE-2014-0076
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVE-2014-0195
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-0198
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0221
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0224
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-3470
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-3566
  3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0705
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.

LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00

Notes:

These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0514",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "ibm",
        "version": "1.50.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "bladecenter -t 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -e 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -s 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -ht 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -ht 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -t 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -e 3.66c",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -s 3.66b",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter t advanced management module 3.66b",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.50.0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571471.43"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571431.43"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "junos r8-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "sa6500 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "sa700 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.3r4.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.17"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.9"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "junos r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "junos 12.2r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "sa2000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.51"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "websphere application server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.33"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "system x3500m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73801.42"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.1x44-d20.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.5"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73231.42"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "junose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.16"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "junos 12.1r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "junos 12.1r5-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73271.42"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.5"
      },
      {
        "model": "junos 12.2x50-d70",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "junos 12.1x46-d20.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.03"
      },
      {
        "model": "junos 13.2x50-d15.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos r6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "sa2500 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "junos 13.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.4-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "junos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.24"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "security zsecure visual",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73281.42"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "junos r4-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.1x49-d55",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571451.43"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netcool/system service monitor fp1 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0-"
      },
      {
        "model": "junos 12.2r1.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "9.2-release-p4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.29"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "junos 12.3r2-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "system x3630m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73771.42"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73211.42"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.1x47-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "os/400 v1r5m0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.19"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.25"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.50"
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8721"
      },
      {
        "model": "junos 12.1r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos 13.2r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78361.42"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r3.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "junos 13.2x50-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2.1"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "junos 12.1r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "junos r8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "junos r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos r6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "sa6000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "junos 13.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.23"
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560010.1"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "call management system r17.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d15.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "junos 12.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ctpos 6.6r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x52-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos -d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos space 13.1r1.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.2x50-d20.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73251.42"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 13.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "junos d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.021"
      },
      {
        "model": "junos r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 13.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r8.7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.5"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.10"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.0.3"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.029"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "junos 12.3r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "system integrated management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2"
      },
      {
        "model": "junos 13.1x49-d49",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "junos 13.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.27"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.30"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "tivoli monitoring fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.229"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "junos r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42511.42"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.31"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56009.7"
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "junos 12.1x48-d62",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.1r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "junose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.22"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.12"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.22"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "junos os 13.2r5-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "junose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1.2"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "junos 13.2x52-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "idp series 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7893"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x45-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "websphere application server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.11"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "junos 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system dx360m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "63911.42"
      },
      {
        "model": "junos r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "junos 12.3r6.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "junos 13.1x50-d15.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.1x50-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "os/400 v1r4m0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director editions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli monitoring fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.235"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli monitoring fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.302"
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 13.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.17"
      },
      {
        "model": "junos 13.2x51-d25.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "system x3550m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79441.42"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos os 13.1r4-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.19"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "junos r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "junos r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "junos pulse for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "junos 12.3r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "junos 12.1x48-d41",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.23"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpos 6.6r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2x50-d40.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8724"
      },
      {
        "model": "junos r8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "rational clearcase",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.18"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.41"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.11"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "junos r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73781.42"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d45",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "junos r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42521.42"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "sa4000 ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "10.0-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.2"
      },
      {
        "model": "system x3620m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73761.42"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78371.42"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "websphere application server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2x51-d27.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.9"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.4"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d24",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "junos r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "junos 12.2x50-d50.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.18"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73791.42"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.0"
      },
      {
        "model": "9.1-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "8.3-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.010"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66363"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0l",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-0076",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2014-0076",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0076",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0076",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. OpenSSL is prone to an information-disclosure weakness. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:06.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-04-08\nAffects:        All supported versions of FreeBSD. \nCorrected:      2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)\n                2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)\n                2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)\n                2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)\n                2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)\n                2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)\n                2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)\n                2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)\nCVE Name:       CVE-2014-0076, CVE-2014-0160\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\n0.   Revision History\n\nv1.0  2014-04-08 Initial release. \nv1.1  2014-04-08 Added patch applying step in Solutions section. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nThe Heartbeat Extension provides a new protocol for TLS/DTLS allowing the\nusage of keep-alive functionality without performing a renegotiation and a\nbasis for path MTU (PMTU) discovery for DTLS. \n\nElliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the\nDigital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography. \nOpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication\nin a fixed amount of time, which does not leak any information through timing\nor power. \n\nII.  Problem Description\n\nThe code used to handle the Heartbeat Extension does not do sufficient boundary\nchecks on record length, which allows reading beyond the actual payload. \n[CVE-2014-0160].  Affects FreeBSD 10.0 only. \n\nA flaw in the implementation of Montgomery Ladder Approach would create a\nside-channel that leaks sensitive timing information. [CVE-2014-0076]\n\nIII. Impact\n\nAn attacker who can send a specifically crafted packet to TLS server or client\nwith an established connection can reveal up to 64k of memory of the remote\nsystem.  Such memory might contain sensitive information, including key\nmaterial, protected content, etc. which could be directly useful, or might\nbe leveraged to obtain elevated privileges.  [CVE-2014-0160]\n\nA local attacker might be able to snoop a signing process and might recover\nthe signing key from it.  [CVE-2014-0076]\n\nIV.  Workaround\n\nNo workaround is available, but systems that do not use OpenSSL to implement\nthe Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)\nprotocols implementation and do not use the ECDSA implementation from OpenSSL\nare not vulnerable. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.x and FreeBSD 9.x]\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc\n# gpg --verify openssl.patch.asc\n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nIMPORTANT: the update procedure above does not update OpenSSL from the\nPorts Collection or from a package, known as security/openssl, which\nhas to be updated separately via ports or package. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r264285\nreleng/8.3/                                                       r264284\nreleng/8.4/                                                       r264284\nstable/9/                                                         r264285\nreleng/9.1/                                                       r264284\nreleng/9.2/                                                       r264284\nstable/10/                                                        r264266\nreleng/10.0/                                                      r264267\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\u003e\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\u003e\n\n\u003cURL:http://www.openssl.org/news/secadv_20140407.txt\u003e\n\u003cURL:http://eprint.iacr.org/2014/140.pdf\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:06.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.22 (FreeBSD)\n\niQIcBAEBCgAGBQJTRJySAAoJEO1n7NZdz2rnzPcQALd6So7vDRBaYiaGwQjc55oI\nQwTnNzkkgxVTGwi8lDV6h8bIW3Ga8AhMGoZCVOeKbDABBDghVYe6Na5e/wsHbPPu\ntXmDRhoi2aV0sVCTFfpoCNJ8l2lb+5vnmEC6Oi3PMQDbRC+Ptg15o0W/2hXw0eKO\nyu4BhS4dl6lX7IvlR1n4sr0rfa8vwxe5OpUUd6Bzw0SUBmV+BTzq1C70FuOZ/hnD\nThaZS8Ox3fcWuPylhPbhxnWqg0oVNkBpiRYpIBadrpl9EiRRzbTfF+uFvauR9tBN\n1mK8lLwd7DK6x8iCSnDd2ZlN1rNn8EPsGohT4vP+szz2E2YP1x8ugihEBdYax+Dh\nZ4TWkm3/wJwEf00G32E1hZ8F+UavE8AmnGVk6gxiRpnv2sdNJYRlWd9O8u251qMq\nuzcmBX6Jr14dQCwlqof8pYKYV7VCE/Cu4JHThOCL042CLwUmXyJVMFzm6WPQlNjC\ndlPbSG+PXjninPjcYBoMR+863X35Guv0pJBNG/ofEh+Jy5MveaMRQX/mA+wy29zm\nqg74lM07adXkJujPAuA5dYjZivpW1NPOHeIjaYjaI6KDw2q3BlkGa2C3PeYDQxn4\nIqujqpem5nyQY4BO2XC8gVtuym0jDSA98bgFXumNDkmzlUUuOFOWD8YScLopOzOu\nEpUXgezogk1Rd3EVsaJ+\n=UBO0\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers\nare only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue.  This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. This is potentially exploitable to\nrun arbitrary code on a vulnerable client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue.  This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nSSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)\n=================================================================\n\nA flaw in the do_ssl3_write function can allow remote attackers to\ncause a denial of service via a NULL pointer dereference.  This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue.  This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger.  This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. The following\nCommon Vulnerabilities and Exposures project ids identify them:\n\nCVE-2010-5298\n\n    A read buffer can be freed even when it still contains data that is\nused later on, leading to a use-after-free. \n\nCVE-2014-0076\n\n    ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD\ncache side-channel attack. \n\nA third issue, with no CVE id, is the missing detection of the\n\"critical\" flag for the TSA extended key usage under certain cases. \n\n\nAdditionally, this update checks for more services that might need to\nbe restarted after upgrades of libssl, corrects the detection of\napache2 and postgresql, and adds support for the\n\u0027libraries/restart-without-asking\u0027 debconf configuration. This allows\nservices to be restarted on upgrade without prompting. \n\n\nThe oldstable distribution (squeeze) is not affected by CVE-2010-5298\nand it might be updated at a later time to address the remaining\nvulnerabilities. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. The\nupdates are available from the following location using ftp:\n\nftp://srt03046:Secure12@ftp.usa.hp.com\n\nUser name: srt03046\nPassword: Secure12 ( NOTE: Case sensitive)\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08za.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08za or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager\nv7.2 Hotfix kit is currently unavailable, but will be released at a later\ndate. \n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. \nHP System Management Homepage versions 7.3.2 and earlier for Linux and\nWindows. HP System Management Homepage v7.2.4.1 is available for\nWindows 2003 only. \n\nHP System Management Homepage v7.2.4.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702\n\nHP System Management Homepage v7.2.4.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704\n\nHP System Management Homepage v7.3.3.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696\n\nHP System Management Homepage v7.3.3.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698\n\nHP System Management Homepage v7.3.3.1 for Linux x86:\nhttp://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694\n\nHP System Management Homepage v7.3.3.1 for Linux x64:\nhttp://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693\n\nNOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains\nOpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. \n\nRelease Date: 2014-07-23\nLast Updated: 2014-07-23\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl server migration running on Linux and Windows which could be\nexploited remotely resulting in denial of service (DoS), code execution,\nunauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101647\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.2 of HP Insight Control server\nmigration to resolve these vulnerabilities by upgrading to version 7.3.3. \nPlease note that version 7.3.3 of HP Insight Control server migration is\nincluded on the HP Insight Management 7.3 Update 2 DVD. \n\nHP has provided the installation binaries for download from the following web\nsite by using the Receive for free option:\n\nhttp://h18013.www1.hp.com/products/servers/management/fpdownload.html\n\nCustomers using HP Insight Control server migration v7.2.2 must first upgrade\nfrom v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then\nupgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD. \n\nCustomers running HP Insight Control server migration v7.3, v7.3.1, or\nv7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to\ncomplete the upgrade. \n\nFor more information on the upgrade process, please refer to the HP Insight\nManagement Installation and Upgrade Guide and Release notes, which are\navailable at the following location:\n\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind\nex.aspx?cat=insightmanagement\n\nNOTE: The upgrade paths described above update the entire HP Insight Control\nsoftware stack. To upgrade HP Insight Control server migration only, complete\nthe following steps:\n\nCopy \"hpsmp.exe\" to the local machine from the HP Insight Management v7.3.0\nUpdate 2 DVD ISO. Create batch file with the following commands:\n@echo off\nhpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch\nCopy the batch file to the folder where \"hpsmp.exe\" normally resides on the\ntarget system. \nDouble click on the batch file. \nThe HP Insight Control server migration installation starts in a command\nprompt. \nThe command prompt closes when the installation finishes. \nAfter the installation completes it creates a log file (ICmigr.log) and an\noutput file (ICmigroutput.xml) on the target system. \nDo not close or click on the command prompt while the process is completing. \nDo not run the command prompt in the background. \n\nHISTORY\nVersion:1 (rev.1) - 23 July 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  Multiple vulnerabilities in PHP 5.4.24\nDescription:  Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription:  An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  An application using NSXMLParser may be misused to disclose\ninformation\nDescription:  An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription:  A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription:  An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription:  In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription:  An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nThis update was addressed by updating OpenSSL to version 0.9.8za. \nCVE-ID\nCVE-2014-0076\nCVE-2014-0195\nCVE-2014-0221\nCVE-2014-0224\nCVE-2014-3470\n\nQT Media Foundation\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nRLE encoded movie files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4350 : s3tm3m working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nthe \u0027mvhd\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A remote attacker may be able to cause arbitrary code\nexecution\nDescription:  A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n  - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2010-5298\n      4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n      4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n    CVE-2014-0076\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2014-0195\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0198\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0221\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0224\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-3470\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-3566\n      3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0705\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      },
      {
        "db": "BID",
        "id": "66363"
      },
      {
        "db": "PACKETSTORM",
        "id": "126087"
      },
      {
        "db": "PACKETSTORM",
        "id": "126097"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "126228"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0076",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "66363",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59040",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59374",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59445",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58492",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58727",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10071",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0076",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128315",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127607",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127608",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140720",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126228",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128001",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126097",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126087",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "db": "BID",
        "id": "66363"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126228"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126097"
      },
      {
        "db": "PACKETSTORM",
        "id": "126087"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "id": "VAR-201403-0514",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.408460395
  },
  "last_update_date": "2024-07-23T20:28:55.089000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Debian Security Advisories: DSA-2908-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=438bf64e25a46a5ac11098b5720d1bb6"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2165-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0076",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1fc1fc75c3cab4aa04eb437a09a1da4f"
      },
      {
        "title": "Red Hat: CVE-2014-0076",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0076"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/uvhw/uvhw.bitcoin.js "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/second-nsa-crypto-tool-found-in-rsa-bsafe/105143/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 1.4,
        "url": "http://eprint.iacr.org/2014/140"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.4,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
      },
      {
        "trust": 1.2,
        "url": "http://advisories.mageia.org/mgasa-2014-0165.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/66363"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945"
      },
      {
        "trust": 1.1,
        "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:067"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58727"
      },
      {
        "trust": 1.1,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.1,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59445"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59374"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59040"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58492"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2165-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=2198be3483259de374f91e57d247d0fc667aef29"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.8,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0076_cryptographic_issues"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095202"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095218"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3bf6e25d1260a4de686257cc100631528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3824bd213d0f7c3d086257cc10063152c"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_aix_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095187"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670738"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095124"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004581"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004611"
      },
      {
        "trust": 0.3,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020681"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037307"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671127"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670640"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21670640"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671100"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671098"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670316"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037451"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15295.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037382"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670905"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037379"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037381"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037393"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21670165"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004582"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095143"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095144"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020038"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671197"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670301"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670302"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670576"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21669859"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004616"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095217"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673715"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670339"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095203"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688949"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678668"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676424"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695392"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681249"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671133"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004608"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670858"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673696"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004615"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669664"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100179859"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100179858"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.2,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/uvhw/uvhw.bitcoin.js"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/second-nsa-crypto-tool-found-in-rsa-bsafe/105143/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33767"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2165-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "http://www.vsecurity.com/)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6367"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/fpdownload.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:06/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:06/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2014/140.pdf\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:06.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/secadv_20140407.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:06/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:06/openssl.patch"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "db": "BID",
        "id": "66363"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126228"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126097"
      },
      {
        "db": "PACKETSTORM",
        "id": "126087"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "db": "BID",
        "id": "66363"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126228"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "126097"
      },
      {
        "db": "PACKETSTORM",
        "id": "126087"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "date": "2014-02-24T00:00:00",
        "db": "BID",
        "id": "66363"
      },
      {
        "date": "2014-09-19T15:26:13",
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "date": "2014-07-24T23:47:46",
        "db": "PACKETSTORM",
        "id": "127607"
      },
      {
        "date": "2014-07-06T18:53:39",
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "date": "2014-06-25T21:32:38",
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "date": "2014-06-27T18:43:56",
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "date": "2014-07-24T23:48:05",
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2017-01-25T21:54:44",
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "date": "2014-06-13T13:31:32",
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "date": "2014-04-21T19:46:40",
        "db": "PACKETSTORM",
        "id": "126228"
      },
      {
        "date": "2014-06-05T21:13:52",
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "date": "2014-06-27T18:43:23",
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "date": "2014-08-26T11:11:00",
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "date": "2014-04-09T23:30:40",
        "db": "PACKETSTORM",
        "id": "126097"
      },
      {
        "date": "2014-04-09T22:49:02",
        "db": "PACKETSTORM",
        "id": "126087"
      },
      {
        "date": "2014-03-25T13:25:21.977000",
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0076"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "66363"
      },
      {
        "date": "2023-02-13T00:31:07.977000",
        "db": "NVD",
        "id": "CVE-2014-0076"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "66363"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL CVE-2014-0076 Information Disclosure Weakness",
    "sources": [
      {
        "db": "BID",
        "id": "66363"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "66363"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0175
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  2. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . ASN.1 Denial of Service Attack (1/2)

 During the parsing of certain invalid ASN.1 structures an error
 condition is mishandled. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490 Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0175",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar410v2"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar450s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar550s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar570s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar740"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "fitelnet-f series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "mucho series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-4343",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 5.76
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200110-0175",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-06-10T20:51:29.701000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "729618/NISCC/PARASITIC-KEYS",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-729618/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  }
}

var-202102-1490
Vulnerability from variot

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). OpenSSL There is a security level vulnerability in.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat Advanced Cluster Management for Kubernetes version 2.3 Advisory ID: RHSA-2021:3016-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:3016 Issue date: 2021-08-05 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-2708 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20934 CVE-2019-25013 CVE-2020-1730 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-11668 CVE-2020-13434 CVE-2020-15358 CVE-2020-27618 CVE-2020-28196 CVE-2020-28469 CVE-2020-28500 CVE-2020-28851 CVE-2020-28852 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3326 CVE-2021-3377 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3560 CVE-2021-20271 CVE-2021-20305 CVE-2021-21272 CVE-2021-21309 CVE-2021-21321 CVE-2021-21322 CVE-2021-23337 CVE-2021-23343 CVE-2021-23346 CVE-2021-23362 CVE-2021-23364 CVE-2021-23368 CVE-2021-23369 CVE-2021-23382 CVE-2021-23383 CVE-2021-23839 CVE-2021-23840 CVE-2021-23841 CVE-2021-25217 CVE-2021-27219 CVE-2021-27292 CVE-2021-27358 CVE-2021-28092 CVE-2021-28918 CVE-2021-29418 CVE-2021-29477 CVE-2021-29478 CVE-2021-29482 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034 CVE-2021-33502 CVE-2021-33623 CVE-2021-33909 CVE-2021-33910 =====================================================================

  1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 General Availability release images, which fix several bugs and security issues.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

  1. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/

Security:

  • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

  • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

  • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

  • redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

  • redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)

  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing

  • -u- extension (CVE-2020-28851)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

  • nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)

  • oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)

  • redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

  • nodejs-lodash: command injection via template (CVE-2021-23337)

  • nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

  • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

  • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)

  • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

  • nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)

  • grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

  • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

  • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

  • ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

  • html-parse-stringify: Regular Expression DoS (CVE-2021-23346)

  • openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

  • RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)

  • cluster became offline after apiserver health check (BZ# 1942589)

  • Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html-single/install/index#installing

  1. Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

  1. References:

https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20934 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28469 https://access.redhat.com/security/cve/CVE-2020-28500 https://access.redhat.com/security/cve/CVE-2020-28851 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3377 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3560 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21272 https://access.redhat.com/security/cve/CVE-2021-21309 https://access.redhat.com/security/cve/CVE-2021-21321 https://access.redhat.com/security/cve/CVE-2021-21322 https://access.redhat.com/security/cve/CVE-2021-23337 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23346 https://access.redhat.com/security/cve/CVE-2021-23362 https://access.redhat.com/security/cve/CVE-2021-23364 https://access.redhat.com/security/cve/CVE-2021-23368 https://access.redhat.com/security/cve/CVE-2021-23369 https://access.redhat.com/security/cve/CVE-2021-23382 https://access.redhat.com/security/cve/CVE-2021-23383 https://access.redhat.com/security/cve/CVE-2021-23839 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/cve/CVE-2021-27292 https://access.redhat.com/security/cve/CVE-2021-27358 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-28918 https://access.redhat.com/security/cve/CVE-2021-29418 https://access.redhat.com/security/cve/CVE-2021-29477 https://access.redhat.com/security/cve/CVE-2021-29478 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-33033 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33502 https://access.redhat.com/security/cve/CVE-2021-33623 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/cve/CVE-2021-33910 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYQyKDNzjgjWX9erEAQhAWQ//fU2h/y+76CVkExXChhgJ779lC9Ec1f+X 6yw1b2WCHcztbTwyRtZw90dvIA1rNIDBrd83jIwfzsXzxEfGcCTriOmotHKX44+4 w6uPpmPSOBTsXB/yV/kvbPWpUKkahITC2uvjaInzO2zMmUQ2ntNGpvPu7BbFLmL1 oHMVIZaJ+zrPifwPhGqlp3rAkYe6uGobdvwtrOMXw8L5VnJor+35xLjos5k30IlC 4lftpWm9cD4oozdb5hw4A0i8fyAvue4hzpmgPfUJ6bngux8wycYhPGiRJR1HX03T MSXsWNBtqXNcB7r/GGqen73rr/eyyqsqfJ7+l8Uu7ph5cjk04foZcMqg+rz/1xne gVPkWcUJT8j7BH2sO8qiMdfYNl3+xNqPI9MtPEI8K/eiwynwETZqsKnEGIyhcTcX xe08Io2jV3jlnpQO/SBcvpKyzcqhDOuNBH2ozhn7Ka68WIMk2OuWempQcyDlWizO 1UbgoiMVb0hlP0APVpJKNtpfFCjBzFC24gWSAOPTep3vzA418Sn/moCJupM+3PPA QIzkGAt9f7sffI0JEg0JPEy0/aTmfsPm7XeR6DG+xF7o1nfy1SOcf+tcnPD0K+z8 8fS0uUMB/wO2s5yQ1TctsYzL9S5HRwMtnq7qKwWq9ItYzdQB4pcmyK1WgJAHVAtf Omk9Hj44tdI= =X9lR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [16 February 2021] ============================================

Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)

Severity: Moderate

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.

This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from Google. The fix was developed by Matt Caswell.

Incorrect SSLv2 rollback protection (CVE-2021-23839)

Severity: Low

OpenSSL 1.0.2 supports SSLv2.

This issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel Luellwitz from Trustwave. The fix was developed by Matt Caswell.

Integer overflow in CipherUpdate (CVE-2021-23840)

Severity: Low

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.

This issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix was developed by Matt Caswell.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20210216.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1490",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2x"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2s"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.5.0.0.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.1.2"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.5"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.9.0.0.0"
      },
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0.2"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "oracle graalvm",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle enterprise manager ops center",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2x",
                "versionStartIncluding": "1.0.2s",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:community:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:community:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported these vulnerabilities to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-23839",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23839",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23839",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-23839",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1230",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-23839",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). OpenSSL There is a security level vulnerability in.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat Advanced Cluster Management for Kubernetes version 2.3\nAdvisory ID:       RHSA-2021:3016-01\nProduct:           Red Hat ACM\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:3016\nIssue date:        2021-08-05\nCVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 \n                   CVE-2018-1000858 CVE-2019-2708 CVE-2019-9169 \n                   CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 \n                   CVE-2019-20934 CVE-2019-25013 CVE-2020-1730 \n                   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2020-8927 CVE-2020-11668 \n                   CVE-2020-13434 CVE-2020-15358 CVE-2020-27618 \n                   CVE-2020-28196 CVE-2020-28469 CVE-2020-28500 \n                   CVE-2020-28851 CVE-2020-28852 CVE-2020-29361 \n                   CVE-2020-29362 CVE-2020-29363 CVE-2021-3326 \n                   CVE-2021-3377 CVE-2021-3449 CVE-2021-3450 \n                   CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 \n                   CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 \n                   CVE-2021-3560 CVE-2021-20271 CVE-2021-20305 \n                   CVE-2021-21272 CVE-2021-21309 CVE-2021-21321 \n                   CVE-2021-21322 CVE-2021-23337 CVE-2021-23343 \n                   CVE-2021-23346 CVE-2021-23362 CVE-2021-23364 \n                   CVE-2021-23368 CVE-2021-23369 CVE-2021-23382 \n                   CVE-2021-23383 CVE-2021-23839 CVE-2021-23840 \n                   CVE-2021-23841 CVE-2021-25217 CVE-2021-27219 \n                   CVE-2021-27292 CVE-2021-27358 CVE-2021-28092 \n                   CVE-2021-28918 CVE-2021-29418 CVE-2021-29477 \n                   CVE-2021-29478 CVE-2021-29482 CVE-2021-32399 \n                   CVE-2021-33033 CVE-2021-33034 CVE-2021-33502 \n                   CVE-2021-33623 CVE-2021-33909 CVE-2021-33910 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 General\nAvailability release images, which fix several bugs and security issues. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20934\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-28469\nhttps://access.redhat.com/security/cve/CVE-2020-28500\nhttps://access.redhat.com/security/cve/CVE-2020-28851\nhttps://access.redhat.com/security/cve/CVE-2020-28852\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3377\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3560\nhttps://access.redhat.com/security/cve/CVE-2021-20271\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21272\nhttps://access.redhat.com/security/cve/CVE-2021-21309\nhttps://access.redhat.com/security/cve/CVE-2021-21321\nhttps://access.redhat.com/security/cve/CVE-2021-21322\nhttps://access.redhat.com/security/cve/CVE-2021-23337\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23346\nhttps://access.redhat.com/security/cve/CVE-2021-23362\nhttps://access.redhat.com/security/cve/CVE-2021-23364\nhttps://access.redhat.com/security/cve/CVE-2021-23368\nhttps://access.redhat.com/security/cve/CVE-2021-23369\nhttps://access.redhat.com/security/cve/CVE-2021-23382\nhttps://access.redhat.com/security/cve/CVE-2021-23383\nhttps://access.redhat.com/security/cve/CVE-2021-23839\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-25217\nhttps://access.redhat.com/security/cve/CVE-2021-27219\nhttps://access.redhat.com/security/cve/CVE-2021-27292\nhttps://access.redhat.com/security/cve/CVE-2021-27358\nhttps://access.redhat.com/security/cve/CVE-2021-28092\nhttps://access.redhat.com/security/cve/CVE-2021-28918\nhttps://access.redhat.com/security/cve/CVE-2021-29418\nhttps://access.redhat.com/security/cve/CVE-2021-29477\nhttps://access.redhat.com/security/cve/CVE-2021-29478\nhttps://access.redhat.com/security/cve/CVE-2021-29482\nhttps://access.redhat.com/security/cve/CVE-2021-32399\nhttps://access.redhat.com/security/cve/CVE-2021-33033\nhttps://access.redhat.com/security/cve/CVE-2021-33034\nhttps://access.redhat.com/security/cve/CVE-2021-33502\nhttps://access.redhat.com/security/cve/CVE-2021-33623\nhttps://access.redhat.com/security/cve/CVE-2021-33909\nhttps://access.redhat.com/security/cve/CVE-2021-33910\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQyKDNzjgjWX9erEAQhAWQ//fU2h/y+76CVkExXChhgJ779lC9Ec1f+X\n6yw1b2WCHcztbTwyRtZw90dvIA1rNIDBrd83jIwfzsXzxEfGcCTriOmotHKX44+4\nw6uPpmPSOBTsXB/yV/kvbPWpUKkahITC2uvjaInzO2zMmUQ2ntNGpvPu7BbFLmL1\noHMVIZaJ+zrPifwPhGqlp3rAkYe6uGobdvwtrOMXw8L5VnJor+35xLjos5k30IlC\n4lftpWm9cD4oozdb5hw4A0i8fyAvue4hzpmgPfUJ6bngux8wycYhPGiRJR1HX03T\nMSXsWNBtqXNcB7r/GGqen73rr/eyyqsqfJ7+l8Uu7ph5cjk04foZcMqg+rz/1xne\ngVPkWcUJT8j7BH2sO8qiMdfYNl3+xNqPI9MtPEI8K/eiwynwETZqsKnEGIyhcTcX\nxe08Io2jV3jlnpQO/SBcvpKyzcqhDOuNBH2ozhn7Ka68WIMk2OuWempQcyDlWizO\n1UbgoiMVb0hlP0APVpJKNtpfFCjBzFC24gWSAOPTep3vzA418Sn/moCJupM+3PPA\nQIzkGAt9f7sffI0JEg0JPEy0/aTmfsPm7XeR6DG+xF7o1nfy1SOcf+tcnPD0K+z8\n8fS0uUMB/wO2s5yQ1TctsYzL9S5HRwMtnq7qKwWq9ItYzdQB4pcmyK1WgJAHVAtf\nOmk9Hj44tdI=\n=X9lR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. OpenSSL Security Advisory [16 February 2021]\n============================================\n\nNull pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)\n====================================================================\n\nSeverity: Moderate\n\nThe OpenSSL public API function X509_issuer_and_serial_hash() attempts to\ncreate a unique hash value based on the issuer and serial number data contained\nwithin an X509 certificate. However it fails to correctly handle any errors\nthat may occur while parsing the issuer field (which might occur if the issuer\nfield is maliciously constructed). This may subsequently result in a NULL\npointer deref and a crash leading to a potential denial of service attack. \n\nThis issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from\nGoogle. The fix was developed by Matt Caswell. \n\nIncorrect SSLv2 rollback protection (CVE-2021-23839)\n====================================================\n\nSeverity: Low\n\nOpenSSL 1.0.2 supports SSLv2. \n\nThis issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel\nLuellwitz from Trustwave. The fix was developed by Matt Caswell. \n\nInteger overflow in CipherUpdate (CVE-2021-23840)\n=================================================\n\nSeverity: Low\n\nCalls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow\nthe output length argument in some cases where the input length is close to the\nmaximum permissable length for an integer on the platform. In such cases the\nreturn value from the function call will be 1 (indicating success), but the\noutput length value will be negative. This could cause applications to behave\nincorrectly or crash. \n\nThis issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix\nwas developed by Matt Caswell. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20210216.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "169676"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-23839",
        "trust": 3.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-637483",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA44846",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-258-05",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU99475301",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94508446",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0636",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2259.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4616",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1502",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2657",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041501",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071618",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092209",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23839",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169676",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "169676"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "id": "VAR-202102-1490",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.20766129
  },
  "last_update_date": "2023-12-18T11:21:40.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02021 Mitsubishi Electric Mitsubishi Electric Corporation",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547"
      },
      {
        "title": "OpenSSL Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142768"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d5f5025c65711c2d9489cd9fe502978"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-23839 log"
      },
      {
        "title": "IBM: Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerabilities  CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9ff59b7038a3eb3a3ff198d62d8029d1"
      },
      {
        "title": "IBM: Security Bulletin:  Multiple OpenSSL Vulnerabilities Affect  IBM Connect:Direct for HP NonStop",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=10390d4e672c305fd00ed46b83871274"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1608",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1608"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-23839 "
      },
      {
        "title": "CVE-2021-23839",
        "trust": 0.1,
        "url": "https://github.com/pwncast/cve-2021-23839 "
      },
      {
        "title": "tekton-image-scan-trivy",
        "trust": 0.1,
        "url": "https://github.com/vinamra28/tekton-image-scan-trivy "
      },
      {
        "title": "TASSL-1.1.1k",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1k "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/scholarnishu/trivy-by-aquasecurity "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/fredrkl/trivy-demo "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20210216.txt"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44846"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23839"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547"
      },
      {
        "trust": 0.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94508446/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99475301/"
      },
      {
        "trust": 0.7,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-connectdirect-for-hp-nonstop/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1502"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0636"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041501"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092209"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071618"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-1-0-2-read-write-access-via-sslv2-rollback-protection-bypass-34596"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-23839-cve-2021-23840/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-23839-cve-2021-23840-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2259.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/pwncast/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3377"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29478"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21322"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/support/contracts.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "169676"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "169676"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "date": "2021-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "date": "2021-08-06T14:02:37",
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "date": "2021-02-16T12:12:12",
        "db": "PACKETSTORM",
        "id": "169676"
      },
      {
        "date": "2021-02-16T17:15:13.190000",
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23839"
      },
      {
        "date": "2022-09-20T06:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      },
      {
        "date": "2023-11-07T03:30:54.957000",
        "db": "NVD",
        "id": "CVE-2021-23839"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1230"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 Cryptographic strength vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003872"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0031
Vulnerability from variot

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. OpenSSL is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause a denial-of-service condition. Versions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0031",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise live data server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "nexus intercloud for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.1"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "13"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-37"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "broadband access center telco and wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "prime optical",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "series stackable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "agent desktop",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "telepresence system tx9000",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "spa51x ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.1"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "small business series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0x"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "one portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.2"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-32"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "project openssl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2179",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2179",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2179",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2179",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-103",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2179",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. OpenSSL is prone to multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to cause a denial-of-service condition. \nVersions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "BID",
        "id": "92987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2179",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "92987",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036689",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "BID",
        "id": "92987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "id": "VAR-201609-0031",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.41024942
  },
  "last_update_date": "2023-12-25T20:37:50.294000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Fix DTLS buffered message DoS attack",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63926"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2179"
      },
      {
        "title": "Red Hat: CVE-2016-2179",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2179"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92987"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036689"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.9,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2179"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2179"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2017"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "BID",
        "id": "92987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "db": "BID",
        "id": "92987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "date": "2016-06-30T00:00:00",
        "db": "BID",
        "id": "92987"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-16T05:59:00.143000",
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2179"
      },
      {
        "date": "2018-01-18T12:00:00",
        "db": "BID",
        "id": "92987"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      },
      {
        "date": "2023-11-07T02:31:01.590000",
        "db": "NVD",
        "id": "CVE-2016-2179"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  DTLS Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004778"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-103"
      }
    ],
    "trust": 0.6
  }
}

var-201602-0272
Vulnerability from variot

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute system commands on the underlying operating system. This issue being tracked by Cisco Bug ID CSCut46961. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390893 Version: 1

HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-14 Last Updated: 2017-02-14

Potential Security Impact: Remote: Unauthorized Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information.

References:

  • CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information
  • CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products all prior versions - impacted by CVE-2015-3197 only. Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197 and CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-3197
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0701
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerability in the Comware v7 and VCX products.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 10500 (Comware 7) - Version: R7183
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • MSR1000 (Comware 7) - Version: R0306P30
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • MSR2000 (Comware 7) - Version: R0306P30
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • MSR3000 (Comware 7) - Version: R0306P30
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG409A HP MSR3012 AC Router
    • JG409B HPE MSR3012 AC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • MSR4000 (Comware 7) - Version: R0306P30
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • MSR95X - Version: R0306P30
    • HP Network Products
    • JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router
    • JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
    • JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
    • JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5130EI (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 7500 (Comware 7) - Version: R7183
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5130HI - Version: R1120P07
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • 5510HI - Version: R1120P07
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2015-3197
    • CVE-2016-0701
  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2015-3197

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 14 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issue: SSLv2 doesn't block disabled ciphers (CVE-2015-3197). +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 0d6e8d3b27326c84b9996ed189868eba openssl-1.0.1r-i486-1_slack14.0.txz e3cb0b75e9df4be9d8fd1cfcd2fbd306 openssl-solibs-1.0.1r-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 7b52f4a43b42703a6840945d55f503ee openssl-1.0.1r-x86_64-1_slack14.0.txz eee92cb549bacae21e63bee22b9bb8d4 openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5be72ab551b2064aa34c83b42a07ff85 openssl-1.0.1r-i486-1_slack14.1.txz b28e00a7124822258cfd137ab5ce0572 openssl-solibs-1.0.1r-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 8e0273b1e99e8caa48fcab2547f051e9 openssl-1.0.1r-x86_64-1_slack14.1.txz 60f3994c35679455cab7a984493d1fdb openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz

Slackware -current packages: 509771b1f7d58a682feb2099fdf3eb5d a/openssl-solibs-1.0.2f-i586-1.txz d72c0188f4223d1dc2d6080f8d99d92e n/openssl-1.0.2f-i586-1.txz

Slackware x86_64 -current packages: 0c6653d3c37271f9f1a58a8c0e1f7b40 a/openssl-solibs-1.0.2f-x86_64-1.txz e4ebd1204644ea58e1779187fe071428 n/openssl-1.0.2f-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 5.9 server) - i386, ia64, x86_64

  1. Gentoo Linux Security Advisory GLSA 201601-05
                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: January 29, 2016 Bugs: #572854 ID: 201601-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2f >= 1.0.2f

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f"

References

[ 1 ] CVE-2015-3197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197 [ 2 ] CVE-2016-0701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701 [ 3 ] OpenSSL Security Advisory [28th Jan 2016] http://openssl.org/news/secadv/20160128.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201601-05

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl098e security update Advisory ID: RHSA-2016:0372-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0372.html Issue date: 2016-03-09 CVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 =====================================================================

  1. Summary:

Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers 1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) 1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

ppc64: openssl098e-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-0.9.8e-20.el6_7.1.ppc64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm

s390x: openssl098e-0.9.8e-20.el6_7.1.s390.rpm openssl098e-0.9.8e-20.el6_7.1.s390x.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

ppc64: openssl098e-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-0.9.8e-29.el7_2.3.ppc64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm

s390x: openssl098e-0.9.8e-29.el7_2.3.s390.rpm openssl098e-0.9.8e-29.el7_2.3.s390x.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY BQ+47lH1uQT1a3RxlYkETOk= =TqD1 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016] =========================================

NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES ONLY ARE BEING APPLIED.

DH small subgroups (CVE-2016-0701)

Severity: High

Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite.

OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.

OpenSSL before 1.0.2f will reuse the key if: - SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not set. - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is an undocumted feature and parameter files don't contain the key. - Static DH ciphersuites are used. The key is part of the certificate and so it will always reuse it. This is only supported in 1.0.2.

It will not reuse the key for DHE ciphers suites if: - SSL_OP_SINGLE_DH_USE is set - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the callback does not provide the key, only the parameters. The callback is almost always used like this.

Non-safe primes are generated by OpenSSL when using: - genpkey with the dh_rfc5114 option. This will write an X9.42 style file including the prime-order subgroup size "q". This is supported since the 1.0.2 version. Older versions can't read files generated in this way. - dhparam with the -dsaparam option. This has always been documented as requiring the single use.

The fix for this issue adds an additional check where a "q" parameter is available (as is the case in X9.42 based parameters). This detects the only known attack, and is the only possible defense for static DH ciphersuites. This could have some performance impact.

Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2f

OpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42 based parameters. It is possible to generate parameters using non "safe" primes, but this option has always been documented as requiring single use and is not the default or believed to be common. However, as a precaution, the SSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r.

This issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). The fix was developed by Matt Caswell of the OpenSSL development team (incorporating some work originally written by Stephen Henson of the OpenSSL core team).

SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

Severity: Low

A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r

This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Nimrod Aviram with further development by Viktor Dukhovni of the OpenSSL development team.

An update on DHE man-in-the-middle protection (Logjam)

A previously published vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits in releases 1.0.2b and 1.0.1n.

This limit has been increased to 1024 bits in this release, to offer stronger cryptographic assurance for all TLS connections using ephemeral Diffie-Hellman key exchange.

OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r

The fix was developed by Kurt Roeckx of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160128.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0272",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "8.11.16.3.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "unified computing system central software 1.2",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 11.1.1.9.0"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 12.1.1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "40g 10g 72/64 ethernet switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.29 and earlier"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 11.1.1.7.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.11 and earlier"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "oracle explorer 8.11.16.3.8"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "websam mcoperations",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.6.2 to  ver4.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "websam systemmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 12.2.1.1.0"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.11.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.1.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "enterprise virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.216"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "cognos insight fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "9.3-release-p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.17"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "powerkvm sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "videoscape control suite foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.7"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "cognos tm1 fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "agent desktop",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "9.3-release-p21",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "10.1-release-p29",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nx-os nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.6"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "ethernet switch 40g 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "642.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "ethernet switch 40g 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "722.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "nx-os nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris sru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.36.5"
      },
      {
        "model": "oss support tools oracle explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.0.2"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87107010"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "10.2-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2-4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.4"
      },
      {
        "model": "10.2-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.2"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.0"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.1"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88000"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "pureapplication system if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.18"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.5"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "powerkvm sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.126"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.158"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:8.11.16.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:5.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nimrod Aviram and Sebastian Schinzel",
    "sources": [
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-3197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3197",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3197",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3197",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-026",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3197",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. \nAn attacker can exploit this issue to execute system commands on the underlying operating system. \nThis issue being tracked by Cisco Bug ID CSCut46961. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05390893\nVersion: 1\n\nHPESBHF03703 rev.1 -  HPE Network Products including Comware v7 and VCX using\nOpenSSL, Remote Unauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-14\nLast Updated: 2017-02-14\n\nPotential Security Impact: Remote: Unauthorized Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed in HPE\nNetwork Products including Comware v7 and VCX. The vulnerabilities could be\nremotely exploited resulting in disclosure of information. \n\nReferences:\n\n  - CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information\n  - CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products all prior versions - impacted by CVE-2015-3197 only. Please\nrefer to the RESOLUTION below for a list of updated products. \n  - Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197\nand CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated\nproducts. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-3197\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0701\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerability in\nthe Comware v7 and VCX products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **10500 (Comware 7) - Version: R7183**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR1000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR2000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR3000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG409A HP MSR3012 AC Router\n      - JG409B HPE MSR3012 AC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR4000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR95X - Version: R0306P30**\n    * HP Network Products\n      - JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router\n      - JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n\nCWv7 Router\n      - JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n      - JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5130EI (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **7500 (Comware 7) - Version: R7183**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5130HI - Version: R1120P07**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5510HI - Version: R1120P07**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2015-3197\n \n **Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 14 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1r-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issue:\n  SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197). \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n0d6e8d3b27326c84b9996ed189868eba  openssl-1.0.1r-i486-1_slack14.0.txz\ne3cb0b75e9df4be9d8fd1cfcd2fbd306  openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n7b52f4a43b42703a6840945d55f503ee  openssl-1.0.1r-x86_64-1_slack14.0.txz\neee92cb549bacae21e63bee22b9bb8d4  openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5be72ab551b2064aa34c83b42a07ff85  openssl-1.0.1r-i486-1_slack14.1.txz\nb28e00a7124822258cfd137ab5ce0572  openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n8e0273b1e99e8caa48fcab2547f051e9  openssl-1.0.1r-x86_64-1_slack14.1.txz\n60f3994c35679455cab7a984493d1fdb  openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n509771b1f7d58a682feb2099fdf3eb5d  a/openssl-solibs-1.0.2f-i586-1.txz\nd72c0188f4223d1dc2d6080f8d99d92e  n/openssl-1.0.2f-i586-1.txz\n\nSlackware x86_64 -current packages:\n0c6653d3c37271f9f1a58a8c0e1f7b40  a/openssl-solibs-1.0.2f-x86_64-1.txz\ne4ebd1204644ea58e1779187fe071428  n/openssl-1.0.2f-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. 5.9 server) - i386, ia64, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201601-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: January 29, 2016\n     Bugs: #572854\n       ID: 201601-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to disclose sensitive information and complete weak\nhandshakes. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2f                  \u003e= 1.0.2f\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe upstream advisory and CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2f\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3197\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197\n[ 2 ] CVE-2016-0701\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701\n[ 3 ] OpenSSL Security Advisory [28th Jan 2016]\n      http://openssl.org/news/secadv/20160128.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201601-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl098e security update\nAdvisory ID:       RHSA-2016:0372-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0372.html\nIssue date:        2016-03-09\nCVE Names:         CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 \n                   CVE-2016-0704 CVE-2016-0800 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl098e packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0\n(SSLv2) protocol. An attacker can potentially use this flaw to decrypt\nRSA-encrypted cipher text from a connection using a newer SSL/TLS protocol\nversion, allowing them to decrypt such connections. This cross-protocol\nattack is publicly referred to as DROWN. (CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default\nwhen using the \u0027SSLv23\u0027 connection methods, and removing support for weak\nSSLv2 cipher suites. For more information, refer to the knowledge base\narticle linked to in the References section. \n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption \noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did\nnot properly implement the Bleichenbacher protection for export cipher\nsuites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. \n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. This could result in weak\nSSLv2 ciphers being used for SSLv2 connections, making them vulnerable to\nman-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original\nreporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of\nMichigan) and J. Alex Halderman (University of Michigan) as the original\nreporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and\nEmilia K\u00e4sper (OpenSSL development team) as the original reporters of\nCVE-2015-0293. For the update\nto take effect, all services linked to the openssl098e library must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers\n1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn\u0027t block disabled ciphers\n1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)\n1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2\n1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nppc64:\nopenssl098e-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-0.9.8e-20.el6_7.1.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-0.9.8e-20.el6_7.1.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nppc64:\nopenssl098e-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-0.9.8e-29.el7_2.3.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-0.9.8e-29.el7_2.3.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/cve/CVE-2015-3197\nhttps://access.redhat.com/security/cve/CVE-2016-0703\nhttps://access.redhat.com/security/cve/CVE-2016-0704\nhttps://access.redhat.com/security/cve/CVE-2016-0800\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2176731\nhttps://drownattack.com/\nhttps://openssl.org/news/secadv/20160128.txt\nhttps://openssl.org/news/secadv/20160301.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY\nBQ+47lH1uQT1a3RxlYkETOk=\n=TqD1\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016]\n=========================================\n\nNOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO\nSECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES\nONLY ARE BEING APPLIED. \n\nDH small subgroups (CVE-2016-0701)\n==================================\n\nSeverity: High\n\nHistorically OpenSSL usually only ever generated DH parameters based on \"safe\"\nprimes. More recently (in version 1.0.2) support was provided for generating\nX9.42 style parameter files such as those required for RFC 5114 support. The\nprimes used in such files may not be \"safe\". Where an application is using DH\nconfigured with parameters based on primes that are not \"safe\" then an attacker\ncould use this fact to find a peer\u0027s private DH exponent. This attack requires\nthat the attacker complete multiple handshakes in which the peer uses the same\nprivate DH exponent. For example this could be used to discover a TLS server\u0027s\nprivate DH exponent if it\u0027s reusing the private DH exponent or it\u0027s using a\nstatic DH ciphersuite. \n\nOpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. \nIt is not on by default. If the option is not set then the server reuses the\nsame private DH exponent for the life of the server process and would be\nvulnerable to this attack. It is believed that many popular applications do set\nthis option and would therefore not be at risk. \n\nOpenSSL before 1.0.2f will reuse the key if:\n- SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not\n  set. \n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the\n  parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is\n  an undocumted feature and parameter files don\u0027t contain the key. \n- Static DH ciphersuites are used. The key is part of the certificate and\n  so it will always reuse it. This is only supported in 1.0.2. \n\nIt will not reuse the key for DHE ciphers suites if:\n- SSL_OP_SINGLE_DH_USE is set\n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the\n  callback does not provide the key, only the parameters. The callback is\n  almost always used like this. \n\nNon-safe primes are generated by OpenSSL when using:\n- genpkey with the dh_rfc5114 option. This will write an X9.42 style file\n  including the prime-order subgroup size \"q\". This is supported since the 1.0.2\n  version. Older versions can\u0027t read files generated in this way. \n- dhparam with the -dsaparam option. This has always been documented as\n  requiring the single use. \n\nThe fix for this issue adds an additional check where a \"q\" parameter is\navailable (as is the case in X9.42 based parameters). This detects the\nonly known attack, and is the only possible defense for static DH ciphersuites. \nThis could have some performance impact. \n\nAdditionally the SSL_OP_SINGLE_DH_USE option has been switched on by default\nand cannot be disabled. This could have some performance impact. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\n\nOpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42\nbased parameters. It is possible to generate parameters using non \"safe\" primes,\nbut this option has always been documented as requiring single use and is not\nthe default or believed to be common. However, as a precaution, the\nSSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r. \n\nThis issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). \nThe fix was developed by Matt Caswell of the OpenSSL development team\n(incorporating some work originally written by Stephen Henson of the OpenSSL\ncore team). \n\nSSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)\n====================================================\n\nSeverity: Low\n\nA malicious client can negotiate SSLv2 ciphers that have been disabled on the\nserver and complete SSLv2 handshakes even if all SSLv2 ciphers have been\ndisabled, provided that the SSLv2 protocol was not also disabled via\nSSL_OP_NO_SSLv2. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThis issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and\nSebastian Schinzel. The fix was developed by Nimrod Aviram with further\ndevelopment by Viktor Dukhovni of the OpenSSL development team. \n\n\nAn update on DHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA previously published vulnerability in the TLS protocol allows a\nman-in-the-middle attacker to downgrade vulnerable TLS connections\nusing ephemeral Diffie-Hellman key exchange to 512-bit export-grade\ncryptography. This vulnerability is known as Logjam\n(CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by\nrejecting handshakes with DH parameters shorter than 768 bits in\nreleases 1.0.2b and 1.0.1n. \n\nThis limit has been increased to 1024 bits in this release, to offer\nstronger cryptographic assurance for all TLS connections using\nephemeral Diffie-Hellman key exchange. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThe fix was developed by Kurt Roeckx of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are\nadvised to upgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions\nare no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160128.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      },
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197",
        "trust": 3.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#257823",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "82237",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1034849",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95668716",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#583776",
        "trust": 0.3
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "74491",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141101",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135596",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136032",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136034",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136132",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169661",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "id": "VAR-201602-0272",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.535906682
  },
  "last_update_date": "2024-07-23T21:05:01.067000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS16-015",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-015/index.html"
      },
      {
        "title": "NV16-007",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-007.html"
      },
      {
        "title": "LibreSSL 2.3.2 Release Notes",
        "trust": 0.8,
        "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.3.2-relnotes.txt"
      },
      {
        "title": "LibreSSL 2.2.6 Release Notes",
        "trust": 0.8,
        "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.2.6-relnotes.txt"
      },
      {
        "title": "Better SSLv2 cipher-suite enforcement",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "title": "SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)",
        "trust": 0.8,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Linux Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2016-6",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-6j.html"
      },
      {
        "title": "HS16-015",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-015/index.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60033"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/01/29/openssl_patch_quashes_rare_https_nasty_shores_up_crypto_chops/"
      },
      {
        "title": "Red Hat: CVE-2015-3197",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3197"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160129-openssl"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-682",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-682"
      },
      {
        "title": "Symantec Security Advisories: SA111 : OpenSSL Vulnerabilities 28-Jan-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=83d562565218abbdbef42ef8962d127b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-661",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-661"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3197 "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/halon/changelog "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://www.kb.cert.org/vuls/id/257823"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv/20160128.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201601-05"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/82237"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:11.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03724en_us"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390893"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034849"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176373.html"
      },
      {
        "trust": 1.4,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2016"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3197"
      },
      {
        "trust": 0.8,
        "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc5114"
      },
      {
        "trust": 0.8,
        "url": "http://webstore.ansi.org/recorddetail.aspx?sku=ansi+x9.42-2003+%28r2013%29"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95668716/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3197"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3197"
      },
      {
        "trust": 0.6,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-002-openssl/?q=cve-2015-3197\u0026l=en_us\u0026fs=search\u0026pn=1"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-3197"
      },
      {
        "trust": 0.5,
        "url": "https://openssl.org/news/secadv/20160128.txt"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-0800"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160129-openssl"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory17.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023433"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021143"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021265"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:11.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0303.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0379.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005820"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009610"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976345"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977014"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977018"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977144"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21978361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978941"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979209"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982099"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982336"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982697"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984601"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985213"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985698"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/583776"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979476"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38591"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150506-ucsc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/2176731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0704"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-0704"
      },
      {
        "trust": 0.3,
        "url": "https://openssl.org/news/secadv/20160301.txt"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-0703"
      },
      {
        "trust": 0.3,
        "url": "https://drownattack.com/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0703"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/halon/changelog"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0445.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=2.1.0"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390893"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0304.html"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3197"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0701"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0306.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0372.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "BID",
        "id": "82237"
      },
      {
        "date": "2015-05-06T00:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2016-03-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "date": "2016-03-14T23:44:31",
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "date": "2017-02-15T14:19:58",
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "date": "2016-02-04T21:45:07",
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "date": "2016-03-02T15:44:44",
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "date": "2016-01-29T23:23:00",
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "date": "2016-03-02T18:33:33",
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "date": "2016-03-09T15:25:36",
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "date": "2016-01-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "date": "2016-02-15T02:59:01.980000",
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "82237"
      },
      {
        "date": "2016-07-21T02:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "date": "2023-11-07T02:25:31.933000",
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.6
  }
}

var-202206-1428
Vulnerability from variot

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes. Bugs fixed (https://bugzilla.redhat.com/):

2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release

  1. Summary:

OpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

  1. JIRA issues fixed (https://issues.jboss.org/):

OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig OADP-154 - Ensure support for backing up resources based on different label selectors OADP-194 - Remove the registry dependency from OADP OADP-199 - Enable support for restore of existing resources OADP-224 - Restore silently ignore resources if they exist - restore log not updated OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated OADP-234 - Implementation of incremental restore OADP-324 - Add label to Expired backups failing garbage collection OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot OADP-528 - The volumesnapshotcontent is not removed for the synced backup OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10 OADP-538 - typo on noDefaultBackupLocation error on DPA CR OADP-552 - Validate OADP with 4.11 and Pod Security Admissions OADP-558 - Empty Failed Backup CRs can't be removed OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly OADP-592 - OADP must-gather add support for insecure tls OADP-597 - BSL validation logs OADP-598 - Data mover performance on backup blocks backup process OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled OADP-602 - Support GCP for openshift-velero-plugin registry OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace OADP-613 - DataMover: upstream documentation refers wrong CRs OADP-637 - Restic backup fails with CA certificate OADP-643 - [Data Mover] VSB and VSR names are not unique OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable OADP-648 - Remove default limits for velero and restic pods OADP-652 - Data mover VolSync pod errors with Noobaa OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace OADP-660 - Data mover restic secret does not support Azure OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores//.velero/" OADP-716 - Incremental restore: second restore of a namespace partially fails OADP-736 - Data mover VSB always fails with volsync 0.5

  1. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Security fixes:

  • moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
  • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

  • Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)

  • OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)

  • subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)

  • Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)

  • Submariner addon status doesn't track all deployment failures (BZ# 2090311)

  • Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)

  • After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)

  • Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)

  • Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)

  • Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)

  • managed cluster is in "unknown" state for 120 mins after OADP restore

  • RHACM 2.5.2 images (BZ# 2104553)

  • Subscription UI does not allow binding to label with empty value (BZ# 2104961)

  • Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)

  • Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)

  • cluster uninstall log points to incorrect container name (BZ# 2107359)

  • ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)

  • Single node checkbox not visible for 4.11 images (BZ# 2109134)

  • Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)

  • Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)

  • After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)

  • pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)

  • ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)

  • Bugs fixed (https://bugzilla.redhat.com/):

2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

Bug Fix(es):

  • Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)

  • Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)

  • Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)

  • [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)

  • Fedora version in DataImportCrons is not 'latest' (BZ#2102694)

  • [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)

  • CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)

  • Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)

  • Unable to start windows VMs on PSI setups (BZ#2115371)

  • [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)

  • Mark Windows 11 as TechPreview (BZ#2129013)

  • 4.11.1 rpms (BZ#2139453)

This advisory contains the following OpenShift Virtualization 4.11.1 images.

RHEL-8-CNV-4.11

virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

  1. Bugs fixed (https://bugzilla.redhat.com/):

2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2102694 - Fedora version in DataImportCrons is not 'latest' 2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based 2115371 - Unable to start windows VMs on PSI setups 2119613 - GiB changes to B in Template's Edit boot source reference modal 2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2128872 - [4.11]Can't restore cloned VM 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129235 - [RFE] Add "Copy SSH command" to VM action list 2134668 - Cannot edit ssh even vm is stopped 2139453 - 4.11.1 rpms

  1. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update Advisory ID: RHSA-2022:8917-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2022:8917 Issue date: 2022-12-12 CVE Names: CVE-2022-1292 CVE-2022-2068 ==================================================================== 1. Summary:

An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server - x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - x86_64

  1. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

  • openssl: c_rehash script allows command injection (CVE-2022-1292)

  • openssl: the c_rehash script allows command injection (CVE-2022-2068)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server:

Source: jws5-tomcat-native-1.2.31-11.redhat_11.el7jws.src.rpm

x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el7jws.x86_64.rpm

Red Hat JBoss Web Server 5.7 for RHEL 8:

Source: jws5-tomcat-native-1.2.31-11.redhat_11.el8jws.src.rpm

x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el8jws.x86_64.rpm

Red Hat JBoss Web Server 5.7 for RHEL 9:

Source: jws5-tomcat-native-1.2.31-11.redhat_11.el9jws.src.rpm

x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el9jws.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBY5dYDtzjgjWX9erEAQihfg/+JKRn1ponld/PXWb0JyTUZp2RsgqRlaoi dFWK8JVr3iIzA8pVUqiy+9fYqvRLvRNv8iyPezTFvlfi70FDLXd58QjxQd2zIcI2 tvwFp3mFYfqT3iEz3PdvhiDpPx9XVeSuXgl8CglshJc4ARkLtdIJzkB6xoWl3fe0 myZzwJChpWzOYvZWZVzPRNzsuAi75pc/y8GwVh+fIlw3iySiskkspGVksXBmoBup XIM0O9ICMJ4jUbNTEZ0AwM6yZX1603sdvW60UarBVjf48vIM8x2ef6h84xEMB/3J eLaUlm5Gm68CQx3Sf+ImCCmYcJ2LmX3KnBMGUhBiQGh2SlEJPKijlrHAhLX7M1YG /yvgd8plwRCAsYTlAJyhcXpBovNtP9io+S4kNy/j/HswvuUcJ+mrJNfZq6AwRnoF cNf2h1+Nl8VlT5YXkbZ0vRW1VbY7L4G1BCiqG2VGdjuOuynXh2URHsdKgs9zHY+5 OMaV16fDbH23t04So+b4hxTsfelUUWEqyKk3qvZESNoFmWPCbaBpzDlawSGEFp5g Ly0SN2cW39creXZ3uYioyMnHKeviSDGX8ik40c7mMYYaGnbgP1mPR8FWu9C3EoWi 0LV3EDSHyFKFxUahjGzKKmjDQtYXPAt9Ci1Vp0OQFhKtAecfmlRZJEZRL4JCgKUd vabHaw7IH20=YAuF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1428",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sannav",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "fas 8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "aff a400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h615c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "snapmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1p"
      },
      {
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h610c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zf"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "aff 8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "aff 8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "fas 8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "fas a400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.4",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1p",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2zf",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "170197"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2022-2068",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-2068",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2068",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2112",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-2068",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nThis advisory contains bug fixes and enhancements to the Submariner\ncontainer images. Description:\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services. \n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2115198 - build ceph containers for RHCS 5.2 release\n\n5. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig\nOADP-154 - Ensure support for backing up resources based on different label selectors\nOADP-194 - Remove the registry dependency from OADP\nOADP-199 - Enable support for restore of existing resources\nOADP-224 - Restore silently ignore resources if they exist - restore log not updated\nOADP-225 - Restore doesn\u0027t update velero.io/backup-name when a resource is updated\nOADP-234 - Implementation of incremental restore\nOADP-324 - Add label to Expired backups failing garbage collection\nOADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases\nOADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it\u0027s unable to find the zone\nOADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete\nOADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot\nOADP-528 - The volumesnapshotcontent is not removed for the synced backup\nOADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10\nOADP-538 - typo on noDefaultBackupLocation error on DPA CR\nOADP-552 - Validate OADP with 4.11 and Pod Security Admissions\nOADP-558 - Empty Failed Backup CRs can\u0027t be removed\nOADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version\nOADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly\nOADP-592 - OADP must-gather add support for insecure tls\nOADP-597 - BSL validation logs\nOADP-598 - Data mover performance on backup blocks backup process\nOADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl\nOADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled\nOADP-602 - Support GCP for openshift-velero-plugin registry\nOADP-605 - [OCP 4.11] CSI restore fails with admission webhook \\\"volumesnapshotclasses.snapshot.storage.k8s.io\\\" denied\nOADP-607 - DataMover: VSB is stuck on SnapshotBackupDone\nOADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace\nOADP-613 - DataMover: upstream documentation refers wrong CRs\nOADP-637 - Restic backup fails with CA certificate\nOADP-643 - [Data Mover] VSB and VSR names are not unique\nOADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable\nOADP-648 - Remove default limits for velero and restic pods\nOADP-652 - Data mover VolSync pod errors with Noobaa\nOADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace\nOADP-660 - Data mover restic secret does not support Azure\nOADP-698 - DataMover: volume-snapshot-mover pod points to upstream image\nOADP-715 - Restic restore fails: restic-wait container continuously fails with \"Not found: /restores/\u003cpod-volume\u003e/.velero/\u003crestore-UID\u003e\"\nOADP-716 - Incremental restore: second restore of a namespace partially fails\nOADP-736 - Data mover VSB always fails with volsync 0.5\n\n6. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2102694 - Fedora version in DataImportCrons is not \u0027latest\u0027\n2109407 - [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based\n2115371 - Unable to start windows VMs on PSI setups\n2119613 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129235 - [RFE] Add \"Copy SSH command\" to VM action list\n2134668 - Cannot edit ssh even vm is stopped\n2139453 - 4.11.1 rpms\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Web Server 5.7.1 release and security update\nAdvisory ID:       RHSA-2022:8917-01\nProduct:           Red Hat JBoss Web Server\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8917\nIssue date:        2022-12-12\nCVE Names:         CVE-2022-1292 CVE-2022-2068\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat\nEnterprise Linux versions 7, 8, and 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server - x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 8 - x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 9 - x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. \n\nThis release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for\nRed Hat JBoss Web Server 5.7.0. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References. \n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el7jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 8:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el8jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el8jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 9:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el9jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el9jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el9jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5dYDtzjgjWX9erEAQihfg/+JKRn1ponld/PXWb0JyTUZp2RsgqRlaoi\ndFWK8JVr3iIzA8pVUqiy+9fYqvRLvRNv8iyPezTFvlfi70FDLXd58QjxQd2zIcI2\ntvwFp3mFYfqT3iEz3PdvhiDpPx9XVeSuXgl8CglshJc4ARkLtdIJzkB6xoWl3fe0\nmyZzwJChpWzOYvZWZVzPRNzsuAi75pc/y8GwVh+fIlw3iySiskkspGVksXBmoBup\nXIM0O9ICMJ4jUbNTEZ0AwM6yZX1603sdvW60UarBVjf48vIM8x2ef6h84xEMB/3J\neLaUlm5Gm68CQx3Sf+ImCCmYcJ2LmX3KnBMGUhBiQGh2SlEJPKijlrHAhLX7M1YG\n/yvgd8plwRCAsYTlAJyhcXpBovNtP9io+S4kNy/j/HswvuUcJ+mrJNfZq6AwRnoF\ncNf2h1+Nl8VlT5YXkbZ0vRW1VbY7L4G1BCiqG2VGdjuOuynXh2URHsdKgs9zHY+5\nOMaV16fDbH23t04So+b4hxTsfelUUWEqyKk3qvZESNoFmWPCbaBpzDlawSGEFp5g\nLy0SN2cW39creXZ3uYioyMnHKeviSDGX8ik40c7mMYYaGnbgP1mPR8FWu9C3EoWi\n0LV3EDSHyFKFxUahjGzKKmjDQtYXPAt9Ci1Vp0OQFhKtAecfmlRZJEZRL4JCgKUd\nvabHaw7IH20=YAuF\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "170197"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-332410",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-319-01",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168022",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168351",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "170197",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167713",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168204",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167948",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168538",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168112",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168222",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168182",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167564",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168187",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "168387",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169443",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1430",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3269",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3109",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5961",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6290",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4122",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4568",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4099",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4747",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3145",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4167",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4233",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4669",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6434",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4323",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3034",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3977",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3814",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4525",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4601",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5247",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070615",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070209",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062906",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070434",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071151",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070712",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2068",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168228",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170083",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170162",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "170197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "id": "VAR-202206-1428",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.416330645
  },
  "last_update_date": "2024-07-23T19:47:22.503000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=197983"
      },
      {
        "title": "Debian Security Advisories: DSA-5169-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6b57464ee127384d3d853e9cc99cf350"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2022-1626",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1626"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2022-2097",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=740b837c53d462fc86f3cb0849b86ca0"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-2068"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1832",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1832"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1831",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1831"
      },
      {
        "title": "Amazon Linux 2: ALASOPENSSL-SNAPSAFE-2023-001",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alasopenssl-snapsafe-2023-001"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-2068"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228917 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228913 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225818 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Satellite Client security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235982 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226224 - security advisory"
      },
      {
        "title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226517 - security advisory"
      },
      {
        "title": "Red Hat: Important: Self Node Remediation Operator 0.4.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226184 - security advisory"
      },
      {
        "title": "Red Hat: Important: Satellite 6.11.5.6 async security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235980 - security advisory"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-123",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-123"
      },
      {
        "title": "Red Hat: Important: Satellite 6.12.5.2 Async Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235979 - security advisory"
      },
      {
        "title": "Red Hat: Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226422 - security advisory"
      },
      {
        "title": "Brocade Security Advisories: Access Denied",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8efbc4133194fcddd0bca99df112b683"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226103 - security advisory"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-195"
      },
      {
        "title": "Red Hat: Important: Node Maintenance Operator 4.11.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226188 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226182 - security advisory"
      },
      {
        "title": "Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226051 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226283 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226183 - security advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226507 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227055 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227058 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228840 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226024 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHACS 3.72 enhancement and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226714 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226290 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226348 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226345 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228841 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226346 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226430 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226370 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226271 - security advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226696 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226156 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228750 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226526 - security advisory"
      },
      {
        "title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226429 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230408 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228889 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228781 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225069 - security advisory"
      },
      {
        "title": "Smart Check Scan-Report",
        "trust": 0.1,
        "url": "https://github.com/mawinkler/c1-cs-scan-result "
      },
      {
        "title": "Repository with scripts to verify system against CVE",
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/vulnerability_checker "
      },
      {
        "title": "https://github.com/jntass/TASSL-1.1.1",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1 "
      },
      {
        "title": "Repository with scripts to verify system against CVE",
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/cve_checks "
      },
      {
        "title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2022/06/27/openssl_304_memory_corruption_bug/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2022/dsa-5169"
      },
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv/20220621.txt"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6wzzbkuhqfgskgnxxkicsrpl7amvw5m5/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.9,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6wzzbkuhqfgskgnxxkicsrpl7amvw5m5/"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4747"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4669"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170197/red-hat-security-advisory-2022-8917-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3814"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168538/red-hat-security-advisory-2022-6696-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167948/red-hat-security-advisory-2022-5818-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168222/red-hat-security-advisory-2022-6283-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062906"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168182/red-hat-security-advisory-2022-6184-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168204/red-hat-security-advisory-2022-6224-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4099"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4296"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4233"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6434"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3145"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070209"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5961"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3269"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167713/ubuntu-security-notice-usn-5488-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3109"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-2068/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168112/red-hat-security-advisory-2022-6051-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071151"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168187/red-hat-security-advisory-2022-6188-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1430"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-319-01"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168351/red-hat-security-advisory-2022-6430-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4167"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167564/ubuntu-security-notice-usn-5488-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3034"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070615"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4122"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4323"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3355"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070434"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070712"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168387/red-hat-security-advisory-2022-6517-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-24675"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3634"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26691"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1271"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28327"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/backloop-biz/vulnerability_checker"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-319-01"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2022-1626.html"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/getting-started/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://submariner.io/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1548993"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2789521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6430"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6507"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24921"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-20368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8781"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2078"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0617"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42003"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26373"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1355"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1048"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23960"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42004"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:8917"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "170197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "db": "PACKETSTORM",
        "id": "170197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "date": "2022-09-07T16:37:33",
        "db": "PACKETSTORM",
        "id": "168265"
      },
      {
        "date": "2022-08-10T15:50:41",
        "db": "PACKETSTORM",
        "id": "168022"
      },
      {
        "date": "2022-09-13T15:41:58",
        "db": "PACKETSTORM",
        "id": "168351"
      },
      {
        "date": "2022-09-01T16:34:06",
        "db": "PACKETSTORM",
        "id": "168228"
      },
      {
        "date": "2022-09-14T15:08:07",
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "date": "2022-09-07T17:09:04",
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "date": "2022-12-02T15:57:08",
        "db": "PACKETSTORM",
        "id": "170083"
      },
      {
        "date": "2022-12-08T16:34:22",
        "db": "PACKETSTORM",
        "id": "170162"
      },
      {
        "date": "2022-12-12T23:02:33",
        "db": "PACKETSTORM",
        "id": "170197"
      },
      {
        "date": "2022-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "date": "2022-06-21T15:15:09.060000",
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2068"
      },
      {
        "date": "2023-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      },
      {
        "date": "2023-11-07T03:46:11.177000",
        "db": "NVD",
        "id": "CVE-2022-2068"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Operating system command injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2112"
      }
    ],
    "trust": 0.6
  }
}

var-202102-1488
Vulnerability from variot

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Please keep an eye on CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-05-25-2 macOS Big Sur 11.4

macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529.

AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America

AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw

App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division

AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann

Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative

Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30681: Zhongcheng Li (CK01)

CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro

Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga

CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham)

Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab

Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative

Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)

Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)

Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security

Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de)

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher

Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero

Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security

LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)

Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC.

Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro

NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)

OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229

PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security

Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub

smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos

smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos

smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos

smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos

smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos

Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro

SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security

TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell)

TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos

WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher

WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative

WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu)

WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google

Additional recognition

App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.

CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance.

ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.

Mail Drafts We would like to acknowledge Lauritz Holtmann (@lauritz) for their assistance.

WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE-----

. Bugs fixed (https://bugzilla.redhat.com/):

1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable

  1. 8) - aarch64, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 1965362 - In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-8]

  1. 8) - noarch

  2. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2021:3798-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3798 Issue date: 2021-10-12 CVE Names: CVE-2021-23840 CVE-2021-23841 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-22.el7_9.src.rpm

x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-22.el7_9.src.rpm

x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-22.el7_9.src.rpm

ppc64: openssl-1.0.2k-22.el7_9.ppc64.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-devel-1.0.2k-22.el7_9.ppc.rpm openssl-devel-1.0.2k-22.el7_9.ppc64.rpm openssl-libs-1.0.2k-22.el7_9.ppc.rpm openssl-libs-1.0.2k-22.el7_9.ppc64.rpm

ppc64le: openssl-1.0.2k-22.el7_9.ppc64le.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-devel-1.0.2k-22.el7_9.ppc64le.rpm openssl-libs-1.0.2k-22.el7_9.ppc64le.rpm

s390x: openssl-1.0.2k-22.el7_9.s390x.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-devel-1.0.2k-22.el7_9.s390.rpm openssl-devel-1.0.2k-22.el7_9.s390x.rpm openssl-libs-1.0.2k-22.el7_9.s390.rpm openssl-libs-1.0.2k-22.el7_9.s390x.rpm

x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-perl-1.0.2k-22.el7_9.ppc64.rpm openssl-static-1.0.2k-22.el7_9.ppc.rpm openssl-static-1.0.2k-22.el7_9.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-perl-1.0.2k-22.el7_9.ppc64le.rpm openssl-static-1.0.2k-22.el7_9.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-perl-1.0.2k-22.el7_9.s390x.rpm openssl-static-1.0.2k-22.el7_9.s390.rpm openssl-static-1.0.2k-22.el7_9.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-22.el7_9.src.rpm

x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYWWqjtzjgjWX9erEAQj4lg/+IFxqmMQqLSvyz8cKUAPgss/+/wFMpRgh ZZxYBQQ0cBFfWFlROVLaRdeiGcZYkyJCRDqy2Yb8YO1A4PnSOc+htLFYmSmU2kcm QLHinOzGEZo/44vN7Qsl4WhJkJIdlysCwKpkkOCUprMEnhlWMvja2eSSG9JLH16d RqGe4AsJQLKSKLgmhejCOqxb9am+t9zBW0zaZHP4UR52Ju1rG5rLjBJ85Gcrmp2B vp/GVEQ/Asid4MZA2WTx+s6wj5Dt7JOdLWrUbcYAC0I8oPWbAoZJTfPkM7S6Xv+U 68iruVFTh74IkCbQ+SNLoYjiDAVJqtAVRVBha7Fd3/gWR6aJLLaqluLRGvd0mwXY pohCS0ynuMQ9wtYOJ3ezSVcBN+/d9Hs/3s8RWQTzrNG6jtBe57H9/tNkeSVFSVvu PMKXsUoOrIUE2HCflJytDB9wkQmsWxiZoH/xVlrtD0D11egZ4EWjJL6x+xtCTAkT u67CAwsCKxxCeNmz42uBtXSwFXoUapJnsviGzAx247T2pyuXlYMYHlsOy7CtBvIk jEEosCMM72UyXO4XsYTXc0jM3ze6iQTcF9irwhy+X+rTB4IXBubdUEoT0jnKlwfI BQvoPEBlcG+f0VU8BL+FCOosvM0ZqC7KGGOwJLoG1Vqz8rbtmhpcmNAOvzUiHdm3 T4OjSl1NzQQ= =Taj2 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

Container updates:

  • RHACM 2.1.12 images (BZ# 2007489)

  • Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

  1. Bugs fixed (https://bugzilla.redhat.com/):

1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert FluentdNodeDown always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding

  1. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.

Bug Fix(es):

  • Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)

  • Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):

1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input

  1. Bugs fixed (https://bugzilla.redhat.com/):

1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

5

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1488",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1j"
      },
      {
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "mysql server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "mysql server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.33"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.1.1"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "tenable.sc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.5.0.0.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0.2"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2y"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.1"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.9.0.0.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.1"
      },
      {
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.1.2"
      },
      {
        "model": "tenable.sc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.17.0"
      },
      {
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2y",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1j",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.17.0",
                "versionStartIncluding": "5.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4",
                "versionStartIncluding": "11.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.23",
                "versionStartIncluding": "8.0.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165002"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2021-23841",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-382524",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-23841",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-382524",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Please keep an eye on CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-05-25-2 macOS Big Sur 11.4\n\nmacOS Big Sur 11.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212529. \n\nAMD\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30678: Yu Wang of Didi Research America\n\nAMD\nAvailable for: macOS Big Sur\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30676: shrek_wzw\n\nApp Store\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30688: Thijs Alkemade of Computest Research Division\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30669: Yair Hoffmann\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30707: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCore Services\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30681: Zhongcheng Li (CK01)\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30686: Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30727: Cees Elzinga\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate  their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nDock\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access a user\u0027s call\nhistory\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30673: Josh Parnham (@joshparnham)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30684: Liu Long of Ant Security Light-Year Lab\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30710: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30683: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read issue was addressed by removing\nthe vulnerable code. \nCVE-2021-30719: an anonymous researcher working with Trend Micro Zero\nDay Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30728: Liu Long of Ant Security Light-Year Lab\nCVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30740: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2021-30736: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKext Management\nAvailable for: macOS Big Sur\nImpact: A local user may be able to load unsigned kernel extensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a Mac may be able to bypass\nLogin Window\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30702: Jewel Lambert of Original Spin, LLC. \n\nMail\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nmisrepresent application state\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30696: Fabian Ising and Damian Poddebniak of M\u00fcnster\nUniversity of Applied Sciences\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30693: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30695: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30708: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro\n\nNSOpenPanel\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2021-30679: Gabe Kirkpatrick (@gabe_k)\n\nOpenLDAP\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-36226\nCVE-2020-36227\nCVE-2020-36223\nCVE-2020-36224\nCVE-2020-36225\nCVE-2020-36221\nCVE-2020-36228\nCVE-2020-36222\nCVE-2020-36230\nCVE-2020-36229\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: An issue with path validation logic for hardlinks was\naddressed with improved path sanitization. \nCVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl\n(@theevilbit) of Offensive Security\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue in the ASN.1 decoder was\naddressed by removing the vulnerable code. \nCVE-2021-30737: xerub\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nperform denial of service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30716: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30717: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30721: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30722: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30712: Aleksandar Nikolic of Cisco Talos\n\nSoftware Update\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a Mac may be able to bypass\nLogin Window during a software update\nDescription: This issue was addressed with improved checks. \nCVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A non-privileged user may be able to modify restricted\nsettings\nDescription: This issue was addressed with improved checks. \nCVE-2021-30718: SiQian Wei of ByteDance Security\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to send unauthorized\nApple events to Finder\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30671: Ryan Bell (@iRyanBell)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences. Apple is aware of a report that this issue may have been\nactively exploited. \nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30713: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A cross-origin issue with iframe elements was addressed\nwith improved tracking of security origins. \nCVE-2021-30744: Dan Hite of jsontop\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30682: an anonymous researcher and 1lastBr3ath\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30689: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,\nASU. working with Trend Micro Zero Day Initiative\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30720: David Sch\u00fctz (@xdavidhu)\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A null pointer dereference was addressed with improved\ninput validation. \nCVE-2021-23841: Tavis Ormandy of Google\nCVE-2021-30698: Tavis Ormandy of Google\n\nAdditional recognition\n\nApp Store\nWe would like to acknowledge Thijs Alkemade of Computest Research\nDivision for their assistance. \n\nCoreCapture\nWe would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-\nfinancial TianQiong Security Lab for their assistance. \n\nImageIO\nWe would like to acknowledge Jzhu working with Trend Micro Zero Day\nInitiative and an anonymous researcher for their assistance. \n\nMail Drafts\nWe would like to acknowledge Lauritz Holtmann (@_lauritz_) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Chris Salls (@salls) of Makai Security\nfor their assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6\njjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q\nvsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ\n8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o\nmuP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3\nCurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM\nhJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv\nesIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB\nmP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ\nrjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa\nWAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98\nod2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk=\n=Avma\n-----END PGP SIGNATURE-----\n\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n1965362 - In renegotiated handshake openssl sends extensions which client didn\u0027t advertise in second ClientHello [rhel-8]\n\n6. 8) - noarch\n\n3. Description:\n\nEDK (Embedded Development Kit) is a project to enable UEFI support for\nVirtual Machines. This package contains a sample 64-bit UEFI firmware for\nQEMU and KVM. \n\nThe following packages have been upgraded to a later upstream version: edk2\n(20210527gite1999b264f1f). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2021:3798-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:3798\nIssue date:        2021-10-12\nCVE Names:         CVE-2021-23840 CVE-2021-23841 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nppc64:\nopenssl-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-22.el7_9.s390x.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm\nopenssl-devel-1.0.2k-22.el7_9.s390.rpm\nopenssl-devel-1.0.2k-22.el7_9.s390x.rpm\nopenssl-libs-1.0.2k-22.el7_9.s390.rpm\nopenssl-libs-1.0.2k-22.el7_9.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-perl-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-perl-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-22.el7_9.s390.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm\nopenssl-perl-1.0.2k-22.el7_9.s390x.rpm\nopenssl-static-1.0.2k-22.el7_9.s390.rpm\nopenssl-static-1.0.2k-22.el7_9.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWWqjtzjgjWX9erEAQj4lg/+IFxqmMQqLSvyz8cKUAPgss/+/wFMpRgh\nZZxYBQQ0cBFfWFlROVLaRdeiGcZYkyJCRDqy2Yb8YO1A4PnSOc+htLFYmSmU2kcm\nQLHinOzGEZo/44vN7Qsl4WhJkJIdlysCwKpkkOCUprMEnhlWMvja2eSSG9JLH16d\nRqGe4AsJQLKSKLgmhejCOqxb9am+t9zBW0zaZHP4UR52Ju1rG5rLjBJ85Gcrmp2B\nvp/GVEQ/Asid4MZA2WTx+s6wj5Dt7JOdLWrUbcYAC0I8oPWbAoZJTfPkM7S6Xv+U\n68iruVFTh74IkCbQ+SNLoYjiDAVJqtAVRVBha7Fd3/gWR6aJLLaqluLRGvd0mwXY\npohCS0ynuMQ9wtYOJ3ezSVcBN+/d9Hs/3s8RWQTzrNG6jtBe57H9/tNkeSVFSVvu\nPMKXsUoOrIUE2HCflJytDB9wkQmsWxiZoH/xVlrtD0D11egZ4EWjJL6x+xtCTAkT\nu67CAwsCKxxCeNmz42uBtXSwFXoUapJnsviGzAx247T2pyuXlYMYHlsOy7CtBvIk\njEEosCMM72UyXO4XsYTXc0jM3ze6iQTcF9irwhy+X+rTB4IXBubdUEoT0jnKlwfI\nBQvoPEBlcG+f0VU8BL+FCOosvM0ZqC7KGGOwJLoG1Vqz8rbtmhpcmNAOvzUiHdm3\nT4OjSl1NzQQ=\n=Taj2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nContainer updates:\n\n* RHACM 2.1.12 images (BZ# 2007489)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should  be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6. \nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "PACKETSTORM",
        "id": "162826"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165002"
      }
    ],
    "trust": 1.89
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-382524",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-23841",
        "trust": 2.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-03",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-09",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA44846",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-637483",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165096",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164583",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164889",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165002",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162826",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164890",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165099",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162823",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164928",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162824",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164927",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161459",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165129",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162041",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-382524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164562",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164489",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164967",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "PACKETSTORM",
        "id": "162826"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165002"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "id": "VAR-202102-1488",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      }
    ],
    "trust": 0.30766129
  },
  "last_update_date": "2024-07-23T20:39:26.069000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-190",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44846"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212528"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212529"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht212534"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv/20210216.txt"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2021-03"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2021-09"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2021/dsa-4855"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/may/67"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/may/70"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2021/may/68"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202103-03"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.9,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32626"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32687"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3656"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22543"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22922"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22924"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32675"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4658"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41099"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3653"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32627"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32672"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22923"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32628"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-37576"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30671"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30669"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36226"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36229"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36223"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30679"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36230"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30680"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30683"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212529."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37136"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21409"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4424"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21671"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32690"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23017"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25741"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3949"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23133"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3573"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29650"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3487"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36312"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31440"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3489"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26139"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24588"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36158"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24504"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24503"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20284"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29646"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26143"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33200"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29660"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26140"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20239"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20095"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28493"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28957"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4032"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "PACKETSTORM",
        "id": "162826"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165002"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "db": "PACKETSTORM",
        "id": "162826"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "db": "PACKETSTORM",
        "id": "165002"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "date": "2021-05-26T17:50:31",
        "db": "PACKETSTORM",
        "id": "162826"
      },
      {
        "date": "2021-12-15T15:20:33",
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "date": "2021-11-10T17:13:10",
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "date": "2021-11-10T17:13:18",
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "date": "2021-10-20T15:45:47",
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "date": "2021-10-13T14:47:32",
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "date": "2021-10-21T15:31:47",
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "date": "2021-11-15T17:25:56",
        "db": "PACKETSTORM",
        "id": "164967"
      },
      {
        "date": "2021-11-29T18:12:32",
        "db": "PACKETSTORM",
        "id": "165096"
      },
      {
        "date": "2021-11-17T15:25:40",
        "db": "PACKETSTORM",
        "id": "165002"
      },
      {
        "date": "2021-02-16T17:15:13.377000",
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382524"
      },
      {
        "date": "2024-06-21T19:15:17.377000",
        "db": "NVD",
        "id": "CVE-2021-23841"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Security Advisory 2021-05-25-2",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162826"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164889"
      },
      {
        "db": "PACKETSTORM",
        "id": "164890"
      },
      {
        "db": "PACKETSTORM",
        "id": "164562"
      },
      {
        "db": "PACKETSTORM",
        "id": "164489"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      }
    ],
    "trust": 0.5
  }
}

var-200609-1118
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3.

You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445

Updated Packages:

Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE-----

. OpenSSL Security Advisory [5th September 2006]

RSA Signature Forgery (CVE-2006-4339)

Vulnerability

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or TLS.

Recommendations

There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient. Upgrade the OpenSSL server software. 

The vulnerability is resolved in the following versions of OpenSSL:

 - in the 0.9.7 branch, version 0.9.7k (or later);
 - in the 0.9.8 branch, version 0.9.8c (or later).

OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

The distribution file names are:

    o openssl-0.9.8c.tar.gz
      MD5 checksum: 78454bec556bcb4c45129428a766c886
      SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

    o openssl-0.9.7k.tar.gz
      MD5 checksum: be6bba1d67b26eabb48cf1774925416f
      SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
  1. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. 
    o http://www.openssl.org/news/patch-CVE-2006-4339.txt

Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries.

Acknowledgements

The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie, of Google Security, who successfully forged various certificates, showing OpenSSL was vulnerable, and provided the patch to fix the problems.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

URL for this Security Advisory: http://www.openssl.org/news/secadv_20060905.txt

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Bleichenbacher reported this issue to the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#594904",
            "trust": 0.8,
            "value": "0.63"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.  BIND uses RSA\n cryptography as part of its DNSSEC implementation.  As a result, to\n resolve the security issue, these packages need to be upgraded and for\n both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to\n be generated using the \"-e\" option of dnssec-keygen, if the current\n keys were generated using the default exponent of 3. \n\n You are able to determine if your keys are vulnerable by looking at the\n algorithm (1 or 5) and the first three characters of the Base64 encoded\n RSA key.  RSAMD5 (1) and RSASHA1 (5) keys that start with \"AQM\", \"AQN\",\n \"AQO\", or \"AQP\" are vulnerable. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 1035f92172986ed63ca035de0603a0fd  2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm\n 4f5949d85f13c68220f4f5f030f63849  2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm\n f201e05548b673268038e95225451085  2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 83b6c31bef9e4df229e2fe5cf8c3aa2a  2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm\n fb03e9a493645041816c206267a052f4  2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm\n f54babadfba3ec593563724208df1eaa  2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 6c282a7b5c3cfec534e2557926005bbf  2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm\n 03390448f140777d62cdd76e50361526  2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm\n 7546dc98ff5e8061636a3a75d6b318fb  2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n c190d522505a16aa97891f525e0034a4  2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm\n 594cacdac86db81b0c62a7380c6a3a2d  2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm\n e827e65717615868896e43bcb4856f2d  2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n fa096b2fac1840797e382ba61728d47e  corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm\n 0f1e56f1f3a2689443c04b52d8ce5545  corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm\n 99bf1f4127e97b8941b597aa5e19aa0a  corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n e74bea44aee406d11c87227584790c26  corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm\n b108edf227b55f3af3ab55b48c23a62a  corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm\n ba548cbba992f479ad40ecf0808f36cb  corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 4.0:\n 8bfc97510d4f07568d64c9b9872b4bba  corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm\n dda709703f8bf05f1ff59ae6132a81a7  corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm\n daf59d23abaaaf62c990d2fa1155688c  corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 3d1bbe1e7d4f2de6e546996e181a16b0  corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm\n c1b8467d62623ef5daf35a696ab2389e  corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm\n 83cf57110f107c450aaac5931ee52ecb  corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n abd228e7f0b762ae8c11c8ecd90200c2  mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm\n dd7b0785e31880a09d10957695c0552d  mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm\n 0a2052e5f263b8b8d94111a581928c57  mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm \n eff2c78779b4285783ffea14e6e33c31  mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z\n6faoicEmIFqGW4QuEVIhCbU=\n=bI0u\n-----END PGP SIGNATURE-----\n\n. OpenSSL Security Advisory [5th September 2006]\n\nRSA Signature Forgery (CVE-2006-4339)\n=====================================\n\nVulnerability\n-------------\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Implementations\nmay incorrectly verify the certificate if they are not checking for\nexcess data in the RSA exponentiation result of the signature. \n\nSince there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is\nused in X.509 certificates, all software that uses OpenSSL to verify\nX.509 certificates is potentially vulnerable, as well as any other use\nof PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or\nTLS. \n\nRecommendations\n---------------\n\nThere are multiple ways to avoid this vulnerability.  Any one of the\nfollowing measures is sufficient.  Upgrade the OpenSSL server software. \n\n    The vulnerability is resolved in the following versions of OpenSSL:\n\n     - in the 0.9.7 branch, version 0.9.7k (or later);\n     - in the 0.9.8 branch, version 0.9.8c (or later). \n\n    OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via\n    HTTP and FTP from the following master locations (you can find the\n    various FTP mirrors under http://www.openssl.org/source/mirror.html):\n\n        o http://www.openssl.org/source/\n        o ftp://ftp.openssl.org/source/\n\n    The distribution file names are:\n\n        o openssl-0.9.8c.tar.gz\n          MD5 checksum: 78454bec556bcb4c45129428a766c886\n          SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d\n\n        o openssl-0.9.7k.tar.gz\n          MD5 checksum: be6bba1d67b26eabb48cf1774925416f\n          SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2\n    \n    The checksums were calculated using the following commands:\n\n        openssl md5 openssl-0.9*.tar.gz\n        openssl sha1 openssl-0.9*.tar.gz\n\n2.  If this version upgrade is not an option at the present time,\n    alternatively the following patch may be applied to the OpenSSL\n    source code to resolve the problem.  The patch is compatible with\n    the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. \n\n        o http://www.openssl.org/news/patch-CVE-2006-4339.txt\n\nWhether you choose to upgrade to a new version or to apply the patch,\nmake sure to recompile any applications statically linked to OpenSSL\nlibraries. \n\n \nAcknowledgements\n----------------\n\nThe OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle\nand Ben Laurie, of Google Security, who successfully forged various\ncertificates, showing OpenSSL was vulnerable, and provided the patch\nto fix the problems. \n\n\nReferences\n----------\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://www.imc.org/ietf-openpgp/mail-archive/msg14307.html\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20060905.txt\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 3.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1017143",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22646",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "52186",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "49749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200609-1118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-02-20T00:26:20.655000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.2,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.4,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/software/products/appsrvr/index.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=438cfb75"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=43a84f89"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/pki/nss/"
      },
      {
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1 "
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/ssl"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/4299 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1017143 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22646 "
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/patch-cve-2006-4339.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/mirror.html):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2006-11-16T16:32:32",
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "date": "2006-09-07T08:41:36",
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1247
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/

Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1247",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1247",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-02T21:48:58.560000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201711-0923
Vulnerability from variot

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

This release upgrades OpenSSL to version 1.0.2.n

Security Fix(es):

  • openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)

  • openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)

  • openssl: certificate message OOB reads (CVE-2016-6306)

  • openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)

  • openssl: Truncated packet could crash via OOB read (CVE-2017-3731)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • openssl: Read/write after SSL object in error state (CVE-2017-3737)

  • openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

  1. ========================================================================== Ubuntu Security Notice USN-3475-1 November 06, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.2

Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.3

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.9

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.23

After a standard system update you need to reboot your computer to make all the necessary changes.

Gentoo Linux Security Advisory GLSA 201712-03

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.

Background

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2n >= 1.0.2n

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information.

Workaround

There are no known workarounds at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"

References

[ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201712-03

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2575-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2575 Issue date: 2018-08-28 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ==================================================================== 1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

  1. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es):

  • IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • IBM JDK: DoS in the java.math component (CVE-2018-1517)

  • IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

  • OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

  • OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component

  1. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm

s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i bQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe V5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj mcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi mcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U aZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV FimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP rT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC M8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT DgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+ HlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv 8IL8kIZinC8=eoiE -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [07 Dec 2017] ========================================

Read/write after SSL object in error state (CVE-2017-3737)

Severity: Moderate

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

This issue does not affect OpenSSL 1.1.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Severity: Low

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.

Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193.

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [27 Mar 2018] ========================================

Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)

Severity: Moderate

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0923",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0g"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "infrastructure analytics advisor",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console"
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console (windows"
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( domestic version )"
      },
      {
        "model": "global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "linux)"
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( overseas edition )"
      },
      {
        "model": "replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2j"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2m",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.0g",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OSS-Fuzz",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-3736",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3736",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3736",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3736",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-066",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3736",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. \n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n*  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n(CVE-2016-2182)\n\n*  openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n*  openssl: certificate message OOB reads (CVE-2016-6306)\n\n*  openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n*  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n*  openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n*  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n*  openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n*  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state\n1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. ==========================================================================\nUbuntu Security Notice USN-3475-1\nNovember 06, 2017\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nIt was discovered that OpenSSL incorrectly parsed the IPAddressFamily\nextension in X.509 certificates, resulting in an erroneous display of the\ncertificate in text format. While unlikely, a remote attacker could possibly use\nthis issue to recover private keys. This issue only applied to Ubuntu 16.04\nLTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n  libssl1.0.0                     1.0.2g-1ubuntu13.2\n\nUbuntu 17.04:\n  libssl1.0.0                     1.0.2g-1ubuntu11.3\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.9\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201712-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 14, 2017\n     Bugs: #629290, #636264, #640172\n       ID: 201712-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmay lead to a Denial of Service condition. \n\nBackground\n==========\n\nOpenSSL is a robust, commercial-grade, and full-featured toolkit for\nthe Transport Layer Security (TLS) and Secure Sockets Layer (SSL)\nprotocols. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2n                  \u003e= 1.0.2n\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nA remote attacker could cause a Denial of Service condition, recover a\nprivate key in unlikely circumstances, circumvent security restrictions\nto perform unauthorized actions, or gain access to sensitive\ninformation. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2n\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3735\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735\n[ 2 ] CVE-2017-3736\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736\n[ 3 ] CVE-2017-3737\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737\n[ 4 ] CVE-2017-3738\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: java-1.8.0-ibm security update\nAdvisory ID:       RHSA-2018:2575-01\nProduct:           Red Hat Enterprise Linux Supplementary\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2575\nIssue date:        2018-08-28\nCVE Names:         CVE-2016-0705 CVE-2017-3732 CVE-2017-3736\n                   CVE-2018-1517 CVE-2018-1656 CVE-2018-2940\n                   CVE-2018-2952 CVE-2018-2973 CVE-2018-12539\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP20. \n\nSecurity Fix(es):\n\n* IBM JDK: privilege escalation via insufficiently restricted access to\nAttach API (CVE-2018-12539)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* IBM JDK: DoS in the java.math component (CVE-2018-1517)\n\n* IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n(CVE-2018-1656)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (Libraries) (CVE-2018-2940)\n\n* OpenJDK: insufficient index validation in PatternSyntaxException\ngetMessage() (Concurrency, 8199547) (CVE-2018-2952)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (JSSE) (CVE-2018-2973)\n\n* OpenSSL: Double-free in DSA code (CVE-2016-0705)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the\noriginal reporter of CVE-2016-0705. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)\n1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)\n1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)\n1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API\n1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nppc64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm\n\ns390x:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0705\nhttps://access.redhat.com/security/cve/CVE-2017-3732\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2018-1517\nhttps://access.redhat.com/security/cve/CVE-2018-1656\nhttps://access.redhat.com/security/cve/CVE-2018-2940\nhttps://access.redhat.com/security/cve/CVE-2018-2952\nhttps://access.redhat.com/security/cve/CVE-2018-2973\nhttps://access.redhat.com/security/cve/CVE-2018-12539\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i\nbQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe\nV5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj\nmcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi\nmcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U\naZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV\nFimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP\nrT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC\nM8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT\nDgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+\nHlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv\n8IL8kIZinC8=eoiE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nOpenSSL Security Advisory [07 Dec 2017]\n========================================\n\nRead/write after SSL object in error state (CVE-2017-3737)\n==========================================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\"\nmechanism. The intent was that if a fatal error occurred during a handshake then\nOpenSSL would move into the error state and would immediately fail if you\nattempted to continue the handshake. This works as designed for the explicit\nhandshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),\nhowever due to a bug it does not work correctly if SSL_read() or SSL_write() is\ncalled directly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If SSL_read()/SSL_write() is\nsubsequently called by the application for the same SSL object then it will\nsucceed and the data is passed without being decrypted/encrypted directly from\nthe SSL/TLS record layer. \n\nIn order to exploit this issue an application bug would have to be present that\nresulted in a call to SSL_read()/SSL_write() being issued after having already\nreceived a fatal error. \n\nThis issue does not affect OpenSSL 1.1.0. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 10th November 2017 by David Benjamin\n(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell\nof the OpenSSL development team. \n\nrsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n=========================================================\n\nSeverity: Low\n\nThere is an overflow bug in the AVX2 Montgomery multiplication procedure\nused in exponentiation with 1024-bit moduli. \n\nNote: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732\nand CVE-2015-3193. \n\nDue to the low severity of this issue we are not issuing a new release of\nOpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it\nbecomes available. The fix is also available in commit e502cc86d in the OpenSSL\ngit repository. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 22nd November 2017 by David Benjamin\n(Google). The issue was originally found via the OSS-Fuzz project. The fix was\ndeveloped by Andy Polyakov of the OpenSSL development team. \n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20171207.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \nOpenSSL Security Advisory [27 Mar 2018]\n========================================\n\nConstructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)\n==========================================================================================\n\nSeverity: Moderate\n\nConstructed ASN.1 types with a recursive definition (such as can be found in\nPKCS7) could eventually exceed the stack given malicious input with\nexcessive recursion. This could result in a Denial Of Service attack. There are\nno such structures used within SSL/TLS that come from untrusted sources so this\nis considered safe. \n\nIncorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)\n========================================================\n\nSeverity: Moderate\n\nBecause of an implementation bug the PA-RISC CRYPTO_memcmp function is\neffectively reduced to only comparing the least significant bit of each byte. \nThis allows an attacker to forge messages that would be considered as\nauthenticated in an amount of tries lower than that guaranteed by the security\nclaims of the scheme. The module can only be compiled by the HP-UX assembler, so\nthat only HP-UX PA-RISC targets are affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3736",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-15",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-14",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1039727",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "101666",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1089",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4748",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0258.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1613",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0733",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10211",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3736",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145423",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149130",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169631",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169626",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "id": "VAR-201711-0923",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22708334
  },
  "last_update_date": "2024-07-23T19:46:29.715000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "NTAP-20171107-0002",
        "trust": 0.8,
        "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
      },
      {
        "title": "bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      },
      {
        "title": "TNS-2017-14",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2017-14"
      },
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76120"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180998 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3475-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4017-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c59b0b63bafaa6def9e5da50acf68ca8"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182575 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4018-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ac7ab332aa094dcdde4da9f7cb2a19f1"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182568 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182713 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2017-3736",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3736"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3736"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1016"
      },
      {
        "title": "Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d613a491eb4632d0bd09811cbeaee1e"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-9"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-14] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-14"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-15"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d9ab13c871ea2142681c7977b25c5ff"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-105"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2018 \u2013 Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=af4ddb95056d65a4af347aec0f652f0e"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-15"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2018-1004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1004"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=62ef85c9034c17315b7d0a712483c5ea"
      },
      {
        "title": "Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-14"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=03b0267d78cd8ac1bbb43afc737474f0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=63bbfc68418161b36080acd59a541d45"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ae57a14ec914f60b7203332a77613077"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dd8c9d5928cc3b1ac8c35b4b24703e38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
      },
      {
        "title": "cp4s-car-schema",
        "trust": 0.1,
        "url": "https://github.com/ibm/cp4s-car-schema "
      },
      {
        "title": "core-kit",
        "trust": 0.1,
        "url": "https://github.com/funtoo/core-kit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/101666"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201712-03"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:0998"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2575"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2713"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039727"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4018"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4017"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-14"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-15"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2568"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03881en_us"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3736"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1s1012049"
      },
      {
        "trust": 0.6,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa157"
      },
      {
        "trust": 0.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html"
      },
      {
        "trust": 0.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10211"
      },
      {
        "trust": 0.6,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/openssl/openssl/commit/668a709a8d7ea374ee72ad2d43ac72ec60a80eee"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10882734"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4748/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1138588"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80494"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79678"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734877"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78218"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/74714"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-12539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3475-1/"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57518"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3475-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170828.txt,"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20180327.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0733"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "date": "2018-09-18T02:18:55",
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2017-11-06T22:24:00",
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "date": "2017-12-15T14:15:17",
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "date": "2018-08-29T00:28:49",
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "date": "2017-11-02T12:12:12",
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "date": "2017-12-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "date": "2018-03-27T12:12:12",
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "date": "2017-11-02T17:29:00.243000",
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "date": "2019-04-23T19:30:04.427000",
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0078
Vulnerability from variot

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. OpenSSL is prone to remote memory-corruption vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2c OpenSSL versions 1.0.1 prior to 1.0.1o. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2016-2105 - Remote Denial of Service (DoS)
  • CVE-2016-2106 - Remote Denial of Service (DoS)
  • CVE-2016-2107 - Remote disclosure of sensitive information
  • CVE-2016-2108 - Remote Denial of Service (DoS)
  • CVE-2016-2109 - Remote Denial of Service (DoS)
  • CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 10500 (Comware 7) - Version: R7184
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5900/5920 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR1000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR2000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR3000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR4000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • VSR (Comware 7) - Version: E0324
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7900 (Comware 7) - Version: R2152
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130 (Comware 7) - Version: R3115
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6125XLG - Version: R2422P02
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6127XLG - Version: R2422P02
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • Moonshot - Version: R2432
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5700 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5930 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 1950 (Comware 7) - Version: R3115
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7500 (Comware 7) - Version: R7184
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5510HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5940 - Version: R2509
    • HP Network Products
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5950 - Version: R6123
    • HP Network Products
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch
  • 12900E (Comware 7) - Version: R2609
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

iMC Products

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176
  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz

Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Then, reboot the machine or restart any network services that use OpenSSL.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

  • Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. 6.7) - i386, ppc64, s390x, x86_64

A security vulnerability in QEMU was addressed by HPE Helion OpenStack. The vulnerability could be exploited resulting in local unauthorized data access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- .

The References section of this erratum contains a download link (you must log in to download the update)

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0078",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.1.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "hpe helion openstack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "hpe helion openstack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "hpe helion openstack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "hpe helion openstack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1.4"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "purview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.6.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/2.4"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "xenserver service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.21"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.1"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.4"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.1"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.3"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.14.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server ~~liberty",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.3-"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "identifi wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.14.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.1.3"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/3.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "xenserver common criteria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "identifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.01"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "nac appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "identifi wireless",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11.1"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.14.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.7.0"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.6.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.1.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:direct for hp nonstop ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6.0.1030"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "rackswitch g8124/g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.7.0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.23.0"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.3.5"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.6-"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "21.1.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.2-"
      },
      {
        "model": "eos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "8.61.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "helion openstack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "21.1.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rackswitch g8124/g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.17.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.3"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.7.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.5.5"
      },
      {
        "model": "purview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.17.0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "summit wm3000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-1.2"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.8-"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-1.2"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/3.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.14.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "image construction and composition tool build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.028"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.17.0"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.7.0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "identifi v7r0",
        "scope": null,
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.4.1.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.7-"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-2.5"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.14.0"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "identifi",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "9.21.12"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.17.0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "mq appliance m2001",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "meetingplace",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.4.4"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "image construction and composition tool build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.050"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.14.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.9-"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "eos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.91.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/2.5"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/3.3"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-3.4"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "22.1"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.3"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.17.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.6.4"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "protectier enterprise edition ts7650g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-2.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.3"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-2.4"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "protectier entry edition ts7610 ts7620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-/1.2"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "21.1"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.2"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.1-"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.2"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "xenserver service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.51"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "protectier appliance edition ts7650ap1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-2.5"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "netsight appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.5-"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.2.1"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.5"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "protectier gateway for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.4-"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.2"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1n",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-2108",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-2108",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-2108",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2108",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2108",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue. OpenSSL is prone to remote memory-corruption vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application  using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2c\nOpenSSL versions 1.0.1 prior to 1.0.1o. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4  openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed  openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951  openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd  openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f  openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7  openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b  openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06  openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea  a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f  n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb  a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab  n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0722-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date:        2016-05-09\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 6.7) - i386, ppc64, s390x, x86_64\n\n3. \n\nA security vulnerability in QEMU was addressed by HPE Helion OpenStack. The\nvulnerability could be exploited resulting in local unauthorized data access. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "BID",
        "id": "89752"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137206"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2108",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "89752",
        "trust": 1.4
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.2
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2108",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139115",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136937",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137206",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139167",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137353",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "BID",
        "id": "89752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137206"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "id": "VAR-201605-0078",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.405729735
  },
  "last_update_date": "2024-06-12T20:06:13.420000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Android Security Bulletin-July 2016",
        "trust": 0.8,
        "url": "http://source.android.com/security/bulletin/2016-07-01.html"
      },
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "HPSBGN03620",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05164862"
      },
      {
        "title": "HPSBGN03610",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05149345"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Fix encoding bug in i2c_ASN1_INTEGER",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871"
      },
      {
        "title": "Fix ASN1_INTEGER handling.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
      },
      {
        "title": "Memory corruption in the ASN.1 encoder (CVE-2016-2108)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Linux Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "RHSA-2016:0722",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "title": "RHSA-2016:0996",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1\u306b\u304a\u3051\u308bOpenSSL\u306e\u8106\u5f31\u6027(CVE-2016-2108)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066 (hitachi-sec-2016-201)",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve2016-2108.html"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2108",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2108"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-695",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695"
      },
      {
        "title": "Citrix Security Bulletins: Citrix XenServer 7.2 Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=b7259bee9307e075caf863b54947ad7b"
      },
      {
        "title": "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=c11f24ab4065121676cfe8313127856c"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=25584b3d319ca9e7cb2fae9ec5dbf5e0"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=fb0fe6abcf6343f263d1cf5da183946c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "Vuls simulator for Deep Security",
        "trust": 0.1,
        "url": "https://github.com/kn0630/vulssimulator_ds "
      },
      {
        "title": "satellite-host-cve\nWhat does code do\nWhat versions does it work on\nPrerequisites\nHow to run your code\nExample Output\nKnown issues",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      },
      {
        "title": "https://github.com/samreleasenotes/SamsungReleaseNotes",
        "trust": 0.1,
        "url": "https://github.com/samreleasenotes/samsungreleasenotes "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/android-security-bulletin-features-two-patch-levels/119056/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 1.4,
        "url": "http://source.android.com/security/bulletin/2016-07-01.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.4,
        "url": "http://support.citrix.com/article/ctx212736"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2017:0194"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05164862"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05149345"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/89752"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:1137"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00067\u0026languageid=en-fr"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05386804"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03726en_us"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:0193"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2108"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.4,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.4,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331402"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05149345"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05164862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099464"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1137.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009281"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983909"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984446"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-007-cve-2016-2108-negative-zero"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007982"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/kn0630/vulssimulator_ds"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2959-1/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2055.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_"
      },
      {
        "trust": 0.1,
        "url": "https://helion.hpwsportal.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3710"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/releasenotes215.html"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/installation/upgrade2x_to_215.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "BID",
        "id": "89752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137206"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "db": "BID",
        "id": "89752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137206"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89752"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-05-04T14:53:10",
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "date": "2016-10-12T20:28:07",
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "date": "2016-05-09T14:05:44",
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "date": "2017-07-26T17:44:00",
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "date": "2016-05-26T14:44:00",
        "db": "PACKETSTORM",
        "id": "137206"
      },
      {
        "date": "2016-10-18T13:58:46",
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "date": "2016-06-08T13:16:00",
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-05-05T01:59:04.230000",
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2108"
      },
      {
        "date": "2016-10-10T00:14:00",
        "db": "BID",
        "id": "89752"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      },
      {
        "date": "2023-11-07T02:30:56.157000",
        "db": "NVD",
        "id": "CVE-2016-2108"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "89752"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ASN.1 Implementation of arbitrary code execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "89752"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1274
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. A local attacker could perform a side channel attack to retrieve the RSA private keys. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00967144 Version: 1

HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-04-12 Last Updated: 2007-04-12

Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRiUNQ+AfOvwtKn1ZEQLdQgCdEpF7dyJMCx0S6FBh8zEs/1hrKIcAnjB3 gP3DWRATNULxgPyX4sSP1HEm =/EIA -----END PGP SIGNATURE----- . HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1274",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. A flaw has also been reported in the\nBN_from_montgomery() function in crypto/bn/bn_mont.c when performing\nMontgomery multiplication. A local attacker could\nperform a side channel attack to retrieve the RSA private keys. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-04-12\nLast Updated: 2007-04-12\n\nPotential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRiUNQ+AfOvwtKn1ZEQLdQgCdEpF7dyJMCx0S6FBh8zEs/1hrKIcAnjB3\ngP3DWRATNULxgPyX4sSP1HEm\n=/EIA\n-----END PGP SIGNATURE-----\n. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "59899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200609-1274",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-06-14T20:42:43.882000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.2,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.2,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2007-10-09T00:39:04",
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1054
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-04-02T14:24:01.638000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-200411-0172
Vulnerability from variot

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications.

Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

  Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability

Revision 1.0

For Public Release 2004 March 17 at 1300 UTC (GMT)

 ----------------------------------------------------------------------

Contents

 Summary
 Affected Products
 Details
 Impact
 Software Versions and Fixes
 Obtaining Fixed Software
 Workarounds
 Exploitation and Public Announcements
 Status of This Notice: INTERIM
 Distribution
 Revision History
 Cisco Security Procedures

 ----------------------------------------------------------------------

Summary

A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004.

An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. 

 * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto
   images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series
   Routers. 
 * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)
   are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600
   Series Routers. 
 * Cisco PIX Firewall
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers
 * Cisco MDS 9000 Series Multilayer Switch
 * Cisco Content Service Switch (CSS) 11000 series
 * Cisco Global Site Selector (GSS) 4480
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1
 * Cisco Access Registrar (CAR)

The following products have their SSL implementation based on the OpenSSL code and are not affected by this vulnerability. 

 * Cisco Secure Intrusion Detection System (NetRanger) appliance. This
   includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. 
 * Cisco SN 5428 and SN 5428-2 Storage Router
 * Cisco CNS Configuration Engine
 * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and
   6500 Series switches and Cisco 7600 Series routers
 * Cisco SIP Proxy Server (SPS)
 * CiscoWorks 1105 Hosting Solution Engine (HSE)
 * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
 * Cisco Ethernet Subscriber Solution Engine (ESSE)

The following products, which implement SSL, are not affected by this vulnerability. 

 * Cisco VPN 3000 Series Concentrators

CatOS does not implement SSL and is not vulnerable.

No other Cisco products are currently known to be affected by this vulnerability. This vulnerability is still being actively investigated across Cisco products and status of some products has still not been determined.

Details

Secure Sockets Layer (SSL), is a protocol used to encrypt the data transferred over an TCP session. SSL in Cisco products is mainly used by the HyperText Transfer Protocol Secure (HTTPS) web service for which the default TCP port is 443. The affected products, listed above, are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations.

To check if the HTTPS service is enabled one can do the following:

1. Check the configuration on the device to verify the status of the
   HTTPS service. 
2. Try to connect to the device using a standard web browser that
   supports SSL using a URL similar to https://ip_address_of_device/. 
3. Try and connect to the default HTTPS port, TCP 443, using Telnet. 
   telnet ip_address_of_device 443. If the session connects the service
   is enabled and accessible. This

crash on many Cisco products would cause the device to reload.

A third vulnerability described in the NISCC advisory is a bug in older versions of OpenSSL, versions before 0.9.6d, that can also lead to a Denial of Service attack. None of the Cisco OpenSSL implementations are known to be affected by this older OpenSSL issue. 

 * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)
   image releases in the 12.1E release train for the Cisco 7100 and 7200
   Series Routers are affected by this vulnerability. All IOS software
   crypto (k8, k9, and k91) image releases in the 12.2SY release train
   for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are
   affected by this vulnerability. The SSH implementation in IOS is not
   dependent on any OpenSSL code. SSH implementations in IOS do not
   handle certificates, yet, and therefore do not use any SSL code for
   SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for
   providing the HTTPS and VPN Device Manager (VDM) services. This
   vulnerability is documented in the Cisco Bug Toolkit (registered
   customers only) as Bug ID CSCee00041. The HTTPS web service, that uses
   the OpenSSL code, on the device is disabled by default. The no ip http
   secure-server command may be used to disable the HTTPS web service on
   the device, if required. The SSH and IPSec services in IOS are not
   vulnerable to this vulnerability. 
 * Cisco PIX Firewall - PIX 6.x releases are affected by this
   vulnerability. PIX 5.x releases do not contain any SSL code and are
   not vulnerable. This vulnerability is documented in the Cisco Bug
   Toolkit (registered customers only) as Bug ID CSCed90672. 
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee02055. 
 * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCed96246. 
 * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x
   and 7.x are affected by this vulnerability. This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit
   (registered customers only) as Bug ID CSCee01240 for the SSL module. 
 * Cisco Global Site Selector (GSS) 4480 - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee01057. 
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1 - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCsa13748. 
 * Cisco Access Registrar (CAR) - This vulnerability is documented in the
   Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956.

The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.

Impact

An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.

Software Versions and Fixes

 * Cisco IOS -

   +----------------------------------------+
   |Release|  Fixed Releases  |Availability |
   | Train |                  |             |
   |-------+------------------+-------------|
   |12.2SY |12.2(14)SY4       |March 25     |
   |-------+------------------+-------------|
   |       |12.1(13)E14       |April 8      |
   |12.1E  |12.1.(19)E7       |April 8      |
   |       |12.1(20)E3        |April 26     |
   +----------------------------------------+

 * Cisco PIX Firewall - The vulnerability is fixed in software releases
   6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering
   builds may be obtained by contacting the Cisco Technical Assistance
   Center (TAC). TAC Contact information is given in the Obtaining Fixed
   Software section below. 
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers - The vulnerability is fixed in
   software release 1.1.3(14) which will be available by Monday, 22 of
   March, 2004. This engineering builds may be obtained by contacting the
   Cisco Technical Assistance Center (TAC). TAC Contact information is
   given in the Obtaining Fixed Software section below. 
 * Cisco MDS 9000 Series Multilayer Switches - No fixed software release
   or software availability date has been determined yet. 
 * Cisco Content Service Switch (CSS) 11000 series -No fixed software
   release or software availability date has been determined yet. 
 * Cisco Global Site Selector (GSS) 4480 - No fixed software release or
   software availability date has been determined yet. 
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1 - No fixed software release or
   software availability date has been determined yet. 
 * Cisco Access Registrar (CAR) - The vulnerability is fixed in software
   release 3.5.0.12 which will be available by Friday, 26 of March, 2004.

Obtaining Fixed Software

Cisco is offering free software upgrades to address this vulnerability for all affected customers.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, Customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at the Cisco Connection Online Software Center at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center. To access the software download URL, you must be a registered user and you must be logged in.

Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with obtaining the software upgrade(s).

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain a free upgrade to a later version of the same release or as indicated by the applicable corrected software version in the Software Versions and Fixes section (noted above).

Cisco TAC contacts are as follows:

 * +1 800 553 2447 (toll free from within North America)
 * +1 408 526 7209 (toll call from anywhere in the world)
 * e-mail: tac@cisco.com

See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.

Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a upgrade. Upgrades for non-contract customers must be requested through the TAC.

Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.

Workarounds

The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as it is available. 

 * Restrict access to the HTTPS server on the network device. Allow
   access to the network device only from trusted workstations by using
   access lists / MAC filters that are available on the affected
   platforms. 
 * Disable the SSL server / service on the network device. This
   workaround must be weighed against the need for secure communications
   with the vulnerable device.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory.

This vulnerability was reported to Cisco PSIRT by NISCC.

Status of This Notice: INTERIM

This is an interim advisory. Although Cisco cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution

This advisory will be posted on Cisco's worldwide website at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml .

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following e-mail and Usenet news recipients. 

 * cust-security-announce@cisco.com
 * first-teams@first.org (includes CERT/CC)
 * bugtraq@securityfocus.com
 * vulnwatch@vulnwatch.org
 * cisco@spot.colorado.edu
 * cisco-nsp@puck.nether.net
 * full-disclosure@lists.netsys.com
 * comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

+------------------------------------------+ |Revision 1.0|2004-March-17|Initial | | | |release. | +------------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. 

 ----------------------------------------------------------------------

-----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT

iD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid 7AhsNlLsNVSLwTRKTHSigu0= =gtba -----END PGP SIGNATURE----- . Any application that makes use of OpenSSL's SSL/TLS library may be affected. Any application that makes use of OpenSSL's SSL/TLS library may be affected.

Recommendations

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.7d.tar.gz
  MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5

o openssl-0.9.6m.tar.gz [normal]
  MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
  MD5 checksum: 4c39d2524bd466180f9077f8efddac8c

The checksums were calculated using the following command:

openssl md5 openssl-0.9*.tar.gz

Credits

Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.

References

http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0172",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "okena stormwatch",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "1.1.3"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "1.1.2"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.1_\\(3.005\\)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.1_\\(0.208\\)"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.1"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.04"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.00"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.4"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "4.0"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 1.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "call manager",
        "scope": null,
        "trust": 1.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 1.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3.1"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "vsx_ng_with_application_intelligence"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.04"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "7500_r2.0.1"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.10_b4"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0.1"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "*"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2za"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e1"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.1.02"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.02"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "8.5.12a"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.12"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.10_.0.06s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2sy"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.1"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.2"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.1_build_2129"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e14"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e12"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy1"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "gss 4490 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(3\\)"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.109\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1.02"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(1\\)"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.1"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2.2"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "*"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3210"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "500"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.2"
      },
      {
        "model": "gss 4480 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5x"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4\\)"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.3"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.00"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.30"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.20"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_2.0"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3400"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2_0.0.03"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "10000_r2.0.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.102\\)"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.03"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "8.05"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5.1_build_5336"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.7a-2"
      },
      {
        "model": "css11000 content services switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5000_r2.0.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3.100\\)"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "2.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6-15"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.2.06"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "mds 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "content services switch 11500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4.101\\)"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2_rc2"
      },
      {
        "model": "application and content networking software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6b-3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "threat response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "aaa server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.40"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.00"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc3"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0_build_7592"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.2_.111"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "100_r2.0.1"
      },
      {
        "model": "access registrar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "provider-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "4.1"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.01"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "crypto accelerator 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(5\\)"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.1"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.01.05.08"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2_rc1"
      },
      {
        "model": "clientless vpn gateway 4400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "5.0"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5.1.46"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(2\\)"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "2000_r2.0.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2\\)"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(1\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e9"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.01"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.10"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1000 v1.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "provider-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng and later versions"
      },
      {
        "model": "vine linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vine linux",
        "version": "2.5"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.6"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "vine linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vine linux",
        "version": "2.6"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp wbem services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "for hp-ux a.02.00.00"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "hp-ux aaa server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "a.06.01.02.04 and earlier"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.0"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng and later versions"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "hp wbem services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "for linux a.02.00.01"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7110"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7115"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "cisco 7600 for )"
      },
      {
        "model": "netshelter series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "check the information provided by the vendor. )"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.1"
      },
      {
        "model": "trendmicro interscan viruswall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "3.81"
      },
      {
        "model": "global site selector",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4480    4490"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "version"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "version  1    2"
      },
      {
        "model": "netscreen ive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "all versions"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.6.1"
      },
      {
        "model": "ipcom series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "check the information provided by the vendor. )"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "500"
      },
      {
        "model": "ipcom series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( for details"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1000 v1.1"
      },
      {
        "model": "netwatcher",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( sensor device )"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "css 11000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall-1 gx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "v2.0"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "(cisco catalyst 6500 for"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.0.49.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5"
      },
      {
        "model": "hp-ux aaa server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "a.06.01.02.06"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "vsx ng with application intelligence"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "mds 9000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "multilayer switch"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4000 v1.0"
      },
      {
        "model": "netscreen idp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "2.0 - 2.1r6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.04"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7c and earlier"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "application and content networking system",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7117"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "hp wbem services",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "for hp-ux a.01.05.08 and earlier"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "css 11500 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.3"
      },
      {
        "model": "netshelter series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( for details"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "firewall services module",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.07592"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.12129"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "clientless vpn gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44005.0"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "40001.0"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.24"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.23"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.04"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.03"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.01"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.3"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.1"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0"
      },
      {
        "model": "openssl096b-0.9.6b-3.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl096-0.9.6-15.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-perl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-devel-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "hat fedora core3",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.2"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.0"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.1"
      },
      {
        "model": "litespeed web server rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.1"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.1"
      },
      {
        "model": "wbem a.02.00.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.02.00.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.01.05.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.5"
      },
      {
        "model": "aaa server",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.13"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.12"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.1"
      },
      {
        "model": "webns .0.06s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20.0.03"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.2.06"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.1.02"
      },
      {
        "model": "webns b4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.109)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.102)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2.111"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3.100)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.5"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4.101)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "ios 12.2za",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(0.208)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(3.005)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 gx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "2.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.12"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7500"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5x0"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "50"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "100"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity r5 r5.1.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity audix r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "intuity s3400",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity s3210",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "gsx server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.2"
      },
      {
        "model": "stonegate sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.12"
      },
      {
        "model": "stonegate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5x86"
      },
      {
        "model": "stonegate ibm zseries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5"
      },
      {
        "model": "computing sidewinder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.10"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "4.1"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.2"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.14"
      },
      {
        "model": "threat response",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "point software vpn-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "webstar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "4d",
        "version": "5.3.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "oneworld xe/erp8 applications sp22",
        "scope": null,
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": null
      },
      {
        "model": "enterpriseone applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.93"
      },
      {
        "model": "enterpriseone applications sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.9"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.6"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.5"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.4"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.3"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.2"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Security Advisory",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0079",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2004-0079",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-8509",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0079",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#288574",
            "trust": 0.8,
            "value": "27.38"
          },
          {
            "author": "NVD",
            "id": "CVE-2004-0079",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200411-124",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8509",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications. \n\n\u00a0Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. \nThe second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n      Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability\n\nRevision 1.0\n\n  For Public Release 2004 March 17 at 1300 UTC (GMT)\n\n     ----------------------------------------------------------------------\n\nContents\n\n     Summary\n     Affected Products\n     Details\n     Impact\n     Software Versions and Fixes\n     Obtaining Fixed Software\n     Workarounds\n     Exploitation and Public Announcements\n     Status of This Notice: INTERIM\n     Distribution\n     Revision History\n     Cisco Security Procedures\n\n     ----------------------------------------------------------------------\n\nSummary\n\n   A new vulnerability in the OpenSSL implementation for SSL\n   has been announced on March 17, 2004. \n\n   An affected network device running an SSL server based on an affected\n   OpenSSL implementation may be vulnerable to a Denial of Service (DoS)\n   attack. There are workarounds available to mitigate the effects of this\n   vulnerability on Cisco products in the workaround section of this\n   advisory. Cisco is providing fixed software, and recommends that customers\n   upgrade to it when it is available. \n\n   This advisory will be posted at\n   http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. \n\n     * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto\n       images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series\n       Routers. \n     * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)\n       are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600\n       Series Routers. \n     * Cisco PIX Firewall\n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers\n     * Cisco MDS 9000 Series Multilayer Switch\n     * Cisco Content Service Switch (CSS) 11000 series\n     * Cisco Global Site Selector (GSS) 4480\n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1\n     * Cisco Access Registrar (CAR)\n\n   The following products have their SSL implementation based on the OpenSSL\n   code and are not affected by this vulnerability. \n\n     * Cisco Secure Intrusion Detection System (NetRanger) appliance. This\n       includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. \n     * Cisco SN 5428 and SN 5428-2 Storage Router\n     * Cisco CNS Configuration Engine\n     * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and\n       6500 Series switches and Cisco 7600 Series routers\n     * Cisco SIP Proxy Server (SPS)\n     * CiscoWorks 1105 Hosting Solution Engine (HSE)\n     * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)\n     * Cisco Ethernet Subscriber Solution Engine (ESSE)\n\n   The following products, which implement SSL, are not affected by this\n   vulnerability. \n\n     * Cisco VPN 3000 Series Concentrators\n\n   CatOS does not implement SSL and is not vulnerable. \n\n   No other Cisco products are currently known to be affected by this\n   vulnerability. This vulnerability is still being actively investigated\n   across Cisco products and status of some products has still not been\n   determined. \n\nDetails\n\n   Secure Sockets Layer (SSL), is a protocol used to encrypt the data\n   transferred over an TCP session. SSL in Cisco products is mainly used by\n   the HyperText Transfer Protocol Secure (HTTPS) web service for which the\n   default TCP port is 443. The affected products, listed above, are only\n   vulnerable if they have the HTTPS service enabled and the access to the\n   service is not limited to trusted hosts or network management\n   workstations. \n\n   To check if the HTTPS service is enabled one can do the following:\n\n    1. Check the configuration on the device to verify the status of the\n       HTTPS service. \n    2. Try to connect to the device using a standard web browser that\n       supports SSL using a URL similar to https://ip_address_of_device/. \n    3. Try and connect to the default HTTPS port, TCP 443, using Telnet. \n       telnet ip_address_of_device 443. If the session connects the service\n       is enabled and accessible. This\n   crash on many Cisco products would cause the device to reload. \n\n   A third vulnerability described in the NISCC advisory is a bug in older\n   versions of OpenSSL, versions before 0.9.6d, that can also lead to a\n   Denial of Service attack. None of the Cisco OpenSSL implementations are\n   known to be affected by this older OpenSSL issue. \n\n     * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)\n       image releases in the 12.1E release train for the Cisco 7100 and 7200\n       Series Routers are affected by this vulnerability. All IOS software\n       crypto (k8, k9, and k91) image releases in the 12.2SY release train\n       for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are\n       affected by this vulnerability. The SSH implementation in IOS is not\n       dependent on any OpenSSL code. SSH implementations in IOS do not\n       handle certificates, yet, and therefore do not use any SSL code for\n       SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for\n       providing the HTTPS and VPN Device Manager (VDM) services. This\n       vulnerability is documented in the Cisco Bug Toolkit (registered\n       customers only) as Bug ID CSCee00041. The HTTPS web service, that uses\n       the OpenSSL code, on the device is disabled by default. The no ip http\n       secure-server command may be used to disable the HTTPS web service on\n       the device, if required. The SSH and IPSec services in IOS are not\n       vulnerable to this vulnerability. \n     * Cisco PIX Firewall - PIX 6.x releases are affected by this\n       vulnerability. PIX 5.x releases do not contain any SSL code and are\n       not vulnerable. This vulnerability is documented in the Cisco Bug\n       Toolkit (registered customers only) as Bug ID CSCed90672. \n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee02055. \n     * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCed96246. \n     * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x\n       and 7.x are affected by this vulnerability. This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit\n       (registered customers only) as Bug ID CSCee01240 for the SSL module. \n     * Cisco Global Site Selector (GSS) 4480 - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee01057. \n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1 - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCsa13748. \n     * Cisco Access Registrar (CAR) - This vulnerability is documented in the\n       Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956. \n\n   The Internetworking Terms and Cisco Systems Acronyms online guides can be\n   found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/. \n\nImpact\n\n   An affected network device running an SSL server based on the OpenSSL\n   implementation may be vulnerable to a Denial of Service (DoS) attack. \n\nSoftware Versions and Fixes\n\n     * Cisco IOS -\n\n       +----------------------------------------+\n       |Release|  Fixed Releases  |Availability |\n       | Train |                  |             |\n       |-------+------------------+-------------|\n       |12.2SY |12.2(14)SY4       |March 25     |\n       |-------+------------------+-------------|\n       |       |12.1(13)E14       |April 8      |\n       |12.1E  |12.1.(19)E7       |April 8      |\n       |       |12.1(20)E3        |April 26     |\n       +----------------------------------------+\n\n     * Cisco PIX Firewall - The vulnerability is fixed in software releases\n       6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering\n       builds may be obtained by contacting the Cisco Technical Assistance\n       Center (TAC). TAC Contact information is given in the Obtaining Fixed\n       Software section below. \n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers - The vulnerability is fixed in\n       software release 1.1.3(14) which will be available by Monday, 22 of\n       March, 2004. This engineering builds may be obtained by contacting the\n       Cisco Technical Assistance Center (TAC). TAC Contact information is\n       given in the Obtaining Fixed Software section below. \n     * Cisco MDS 9000 Series Multilayer Switches - No fixed software release\n       or software availability date has been determined yet. \n     * Cisco Content Service Switch (CSS) 11000 series -No fixed software\n       release or software availability date has been determined yet. \n     * Cisco Global Site Selector (GSS) 4480 - No fixed software release or\n       software availability date has been determined yet. \n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1 - No fixed software release or\n       software availability date has been determined yet. \n     * Cisco Access Registrar (CAR) - The vulnerability is fixed in software\n       release 3.5.0.12 which will be available by Friday, 26 of March, 2004. \n\nObtaining Fixed Software\n\n   Cisco is offering free software upgrades to address this vulnerability for\n   all affected customers. \n\n   Customers may only install and expect support for the feature sets they\n   have purchased. By installing, downloading, accessing or otherwise using\n   such software upgrades, Customers agree to be bound by the terms of\n   Cisco\u0027s software license terms found at\n   http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set\n   forth at the Cisco Connection Online Software Center at\n   http://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\n   Customers with contracts should obtain upgraded software through their\n   regular update channels. For most customers, this means that upgrades\n   should be obtained through the Software Center on Cisco\u0027s worldwide\n   website at http://www.cisco.com/tacpage/sw-center. To access the software\n   download URL, you must be a registered user and you must be logged in. \n\n   Customers whose Cisco products are provided or maintained through a prior\n   or existing agreement with third-party support organizations such as Cisco\n   Partners, authorized resellers, or service providers, should contact that\n   support organization for assistance with obtaining the software\n   upgrade(s). \n\n   Customers who purchase direct from Cisco but who do not hold a Cisco\n   service contract and customers who purchase through third-party vendors\n   but are unsuccessful at obtaining fixed software through their point of\n   sale should get their upgrades by contacting the Cisco Technical\n   Assistance Center (TAC) using the contact information listed below. In\n   these cases, customers are entitled to obtain a free upgrade to a later\n   version of the same release or as indicated by the applicable corrected\n   software version in the Software Versions and Fixes section (noted above). \n\n   Cisco TAC contacts are as follows:\n\n     * +1 800 553 2447 (toll free from within North America)\n     * +1 408 526 7209 (toll call from anywhere in the world)\n     * e-mail: tac@cisco.com\n\n   See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for\n   additional TAC contact information, including special localized telephone\n   numbers and instructions and e-mail addresses for use in various\n   languages. \n\n   Please have your product serial number available and give the URL of this\n   notice as evidence of your entitlement to a upgrade. Upgrades for\n   non-contract customers must be requested through the TAC. \n\n   Please do not contact either \"psirt@cisco.com\" or\n   \"security-alert@cisco.com\" for software upgrades. \n\nWorkarounds\n\n   The Cisco PSIRT recommends that affected users upgrade to a fixed software\n   version of code as soon as it is available. \n\n     * Restrict access to the HTTPS server on the network device. Allow\n       access to the network device only from trusted workstations by using\n       access lists / MAC filters that are available on the affected\n       platforms. \n     * Disable the SSL server / service on the network device. This\n       workaround must be weighed against the need for secure communications\n       with the vulnerable device. \n\nExploitation and Public Announcements\n\n   The Cisco PSIRT is not aware of any malicious use of the vulnerability\n   described in this advisory. \n\n   This vulnerability was reported to Cisco PSIRT by NISCC. \n\nStatus of This Notice: INTERIM\n\n   This is an interim advisory. Although Cisco cannot guarantee the accuracy\n   of all statements in this advisory, all of the facts have been checked to\n   the best of our ability. Cisco does not anticipate issuing updated\n   versions of this advisory unless there is some material change in the\n   facts. Should there be a significant change in the facts, Cisco may update\n   this advisory. \n\n   A stand-alone copy or paraphrase of the text of this security advisory\n   that omits the distribution URL in the following section is an\n   uncontrolled copy, and may lack important information or contain factual\n   errors. \n\nDistribution\n\n   This advisory will be posted on Cisco\u0027s worldwide website at\n   http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml . \n\n   In addition to worldwide web posting, a text version of this notice is\n   clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207\n   0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following\n   e-mail and Usenet news recipients. \n\n     * cust-security-announce@cisco.com\n     * first-teams@first.org (includes CERT/CC)\n     * bugtraq@securityfocus.com\n     * vulnwatch@vulnwatch.org\n     * cisco@spot.colorado.edu\n     * cisco-nsp@puck.nether.net\n     * full-disclosure@lists.netsys.com\n     * comp.dcom.sys.cisco@newsgate.cisco.com\n\n   Future updates of this advisory, if any, will be placed on Cisco\u0027s\n   worldwide website, but may or may not be actively announced on mailing\n   lists or newsgroups. Users concerned about this problem are encouraged to\n   check the above URL for any updates. \n\nRevision History\n\n   +------------------------------------------+\n   |Revision 1.0|2004-March-17|Initial        |\n   |            |             |release.       |\n   +------------------------------------------+\n\nCisco Security Procedures\n\n   Complete information on reporting security vulnerabilities in Cisco\n   products, obtaining assistance with security incidents, and registering to\n   receive security information from Cisco, is available on Cisco\u0027s worldwide\n   website at\n   http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This\n   includes instructions for press inquiries regarding Cisco security\n   notices. All Cisco security advisories are available at\n   http://www.cisco.com/go/psirt. \n\n   This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may\n   be redistributed freely after the release date given at the top of the\n   text, provided that redistributed copies are complete and unmodified,\n   including all date and version information. \n\n     ----------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nComment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT\n\niD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid\n7AhsNlLsNVSLwTRKTHSigu0=\n=gtba\n-----END PGP SIGNATURE-----\n.  Any\napplication that makes use of OpenSSL\u0027s SSL/TLS library may be\naffected.  Any application that makes use of OpenSSL\u0027s SSL/TLS library\nmay be affected. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.7d or 0.9.6m.  Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\nFTP from the following master locations (you can find the various FTP\nmirrors under http://www.openssl.org/source/mirror.html):\n\n    ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.7d.tar.gz\n      MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\n    \n    o openssl-0.9.6m.tar.gz [normal]\n      MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\n    o openssl-engine-0.9.6m.tar.gz [engine]\n      MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\n\nThe checksums were calculated using the following command:\n\n    openssl md5 openssl-0.9*.tar.gz\n\nCredits\n-------\n\nPatches for these issues were created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team.  The OpenSSL team would\nlike to thank Codenomicon for supplying the TLS Test Tool which was\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\nperforming the majority of the testing. \n\nReferences\n----------\n\nhttp://www.codenomicon.com/testtools/tls/\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      },
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      }
    ],
    "trust": 3.96
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-8509",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2004-0079",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#288574",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "9899",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA04-078A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "17398",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "18247",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "11139",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "17381",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "17401",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "15505",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1009458",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0791",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "14567",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "13139",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "32886",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "32887",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "id": "VAR-200411-0172",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      }
    ],
    "trust": 0.52271296
  },
  "last_update_date": "2024-07-23T20:37:18.156000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.checkpoint.com/services/techsupport/alerts/openssl.html"
      },
      {
        "title": "cisco-sa-20040317-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
      },
      {
        "title": "HPSBMA01037",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c01007278"
      },
      {
        "title": "HPSBUX01019",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00944046"
      },
      {
        "title": "HPSBUX01011",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00897351"
      },
      {
        "title": "HPSBUX01019",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01019.html"
      },
      {
        "title": "HPSBUX01011",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01011.html"
      },
      {
        "title": "NetScreen Advisory 58466",
        "trust": 0.8,
        "url": "http://www.juniper.net/support/security/alerts/adv58466-2.txt"
      },
      {
        "title": "openssl096",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=155"
      },
      {
        "title": "AXSA-2005-129:1",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=210"
      },
      {
        "title": "NetBSD-SA2004-005",
        "trust": 0.8,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
      },
      {
        "title": "016: RELIABILITY FIX: March 17, 2004",
        "trust": 0.8,
        "url": "http://www.openbsd.org/errata34.html#openssl"
      },
      {
        "title": "secadv_20040317",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20040317.txt"
      },
      {
        "title": "RHSA-2005:830",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-830.html"
      },
      {
        "title": "RHSA-2005:829",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-829.html"
      },
      {
        "title": "RHSA-2004:120",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-120.html"
      },
      {
        "title": "RHSA-2004:121",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-121.html"
      },
      {
        "title": "57524",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-1"
      },
      {
        "title": "57571",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-1"
      },
      {
        "title": "57571",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-3"
      },
      {
        "title": "57524",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-3"
      },
      {
        "title": "4 Apache Security Update 2.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng"
      },
      {
        "title": "19387",
        "trust": 0.8,
        "url": "http://kb.trendmicro.com/solutions/solutiondetail.asp?solutionid=19387"
      },
      {
        "title": "TLSA-2004-9",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2004/tlsa-2004-9.txt"
      },
      {
        "title": "OpenSSL \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www.checkpoint.co.jp/techsupport/alerts/openssl.html"
      },
      {
        "title": "RHSA-2004:120",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-120j.html"
      },
      {
        "title": "RHSA-2005:830",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-830j.html"
      },
      {
        "title": "RHSA-2005:829",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-829j.html"
      },
      {
        "title": "openssl \u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://vinelinux.org/errata/25x/20040319-1.html"
      },
      {
        "title": "TLSA-2004-9",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2004/tlsa-2004-9j.txt"
      },
      {
        "title": "IPCOM\u30b7\u30ea\u30fc\u30ba\u306eOpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://primeserver.fujitsu.com/ipcom/support/security20040325/"
      },
      {
        "title": "[\u91cd\u8981] OpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://jp.fujitsu.com/support/security/backnumber/2004/0325/"
      },
      {
        "title": "224012",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/niscc.html#224012-openssl"
      },
      {
        "title": "OpenSSL Repair measures for denial of service attack vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169017"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20040317.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/9899"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/288574"
      },
      {
        "trust": 2.5,
        "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
      },
      {
        "trust": 2.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
      },
      {
        "trust": 1.8,
        "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=61798"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-465"
      },
      {
        "trust": 1.7,
        "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
      },
      {
        "trust": 1.7,
        "url": "http://fedoranews.org/updates/fedora-2004-095.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:023"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2621"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5770"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a870"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a975"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9779"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-139.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-829.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-830.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/11139"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/17381"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/17398"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/17401"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18247"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.trustix.org/errata/2004/0012"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
      },
      {
        "trust": 1.6,
        "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://support.lexmark.com/index?page=content\u0026id=te88\u0026locale=en\u0026userlocale=en_us"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-04:05.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0079"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/15505"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-078a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-224012/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-078a"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0079"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.securiteam.com/securitynews/5op0g20caa.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20040318_082932.html"
      },
      {
        "trust": 0.6,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
      },
      {
        "trust": 0.3,
        "url": "http://www.4d.com/products/4dwsv.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
      },
      {
        "trust": 0.3,
        "url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3123.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-10.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.litespeedtech.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/357672"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.suresec.org/advisories/adv5.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/395699"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0079"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0112"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=107953412903636\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
      },
      {
        "trust": 0.1,
        "url": "http://support.lexmark.com/index?page=content\u0026amp;id=te88\u0026amp;locale=en\u0026amp;userlocale=en_us"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403806509920\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2004\u0026amp;m=slackware-security.455961"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-license-agreement.html,"
      },
      {
        "trust": 0.1,
        "url": "https://ip_address_of_device/."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/tacpage/sw-center."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/mirror.html):"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "date": "2004-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2005-08-15T00:00:00",
        "db": "BID",
        "id": "14567"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "date": "2004-03-17T15:44:08",
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "date": "2004-03-17T14:36:13",
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "date": "2004-11-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#288574"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2004-0791"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8509"
      },
      {
        "date": "2015-03-19T08:20:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2006-05-05T23:10:00",
        "db": "BID",
        "id": "14567"
      },
      {
        "date": "2006-05-05T23:30:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000086"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-124"
      },
      {
        "date": "2023-12-28T15:33:29.973000",
        "db": "NVD",
        "id": "CVE-2004-0079"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL contains null-pointer assignment in do_change_cipher_spec() function",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#288574"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "BID",
        "id": "13139"
      }
    ],
    "trust": 0.9
  }
}

var-200303-0118
Vulnerability from variot

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]

Klima-Pokorny-Rosa attack on RSA in SSL/TLS

Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Note that the server's RSA key is not compromised in this attack. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.

Security Patch

The following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i, 0.9.7, and 0.9.7a.

--- s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 +++ s3_srvr.c 19 Mar 2003 18:00:00 -0000 @@ -1447,7 +1447,7 @@ if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); / }

    if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))

@@ -1463,30 +1463,29 @@ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); / + + / The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (https://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. / + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; } }

    if (al != -1)
        {

-#if 0 - goto f_err; -#else / Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - / + * (see RFC 2246, section 7.4.7.1). / ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); / should be RAND_bytes, but we cannot work around a failure */ -#endif }

    s->session->master_key_length=

References

Report "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa: https://eprint.iacr.org/2003/052/

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0131 to this issue. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131

URL for this Security Advisory: https://www.openssl.org/news/secadv_20030319.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnu tls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mirapoint",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sorceror linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "esoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mod ssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.4"
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "cobalt raq xtr",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "cobalt raq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "550"
      },
      {
        "model": "cobalt raq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4"
      },
      {
        "model": "cobalt qube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.4"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.3"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.2"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.1"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.0"
      },
      {
        "model": "big-ip blade controller ptf-01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2.3"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "tru64 b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64 a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64 a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.0"
      },
      {
        "model": "tru64 g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "4.0"
      },
      {
        "model": "tru64 f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "4.0"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.3"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.3"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2.1"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2-2"
      },
      {
        "model": "openvms -1h2 alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms -1h1 alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1-2"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "project openssl b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0.07.01"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0.03.01"
      },
      {
        "model": "apache-based web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3.27.02"
      },
      {
        "model": "transport layer security library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.",
    "sources": [
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2003-0131",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2003-0131",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0131",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#888801",
            "trust": 0.8,
            "value": "4.05"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200303-076",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack.  An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application\u0027s private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information.  A user could abuse the response of vulnerable servers to act as an oracle.  By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]\n\nKlima-Pokorny-Rosa attack on RSA in SSL/TLS\n===========================================\n\nCzech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa\nhave come up with an extension of the \"Bleichenbacher attack\" on RSA\nwith PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. \nNote that the server\u0027s RSA key is not compromised in this attack. \nOpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed\npatch modifies SSL/TLS server behaviour to avoid the vulnerability. \n\n\nSecurity Patch\n--------------\n\nThe following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i,\n0.9.7, and 0.9.7a. \n\n--- s3_srvr.c\t29 Nov 2002 11:31:51 -0000\t1.85.2.14\n+++ s3_srvr.c\t19 Mar 2003 18:00:00 -0000\n@@ -1447,7 +1447,7 @@\n \t\tif (i != SSL_MAX_MASTER_KEY_LENGTH)\n \t\t\t{\n \t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);\n+\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */\n \t\t\t}\n \n \t\tif ((al == -1) \u0026\u0026 !((p[0] == (s-\u003eclient_version\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eclient_version \u0026 0xff))))\n@@ -1463,30 +1463,29 @@\n \t\t\t\t(p[0] == (s-\u003eversion\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eversion \u0026 0xff))))\n \t\t\t\t{\n \t\t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);\n-\t\t\t\tgoto f_err;\n+\t\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */\n+\n+\t\t\t\t/* The Klima-Pokorny-Rosa extension of Bleichenbacher\u0027s attack\n+\t\t\t\t * (https://eprint.iacr.org/2003/052/) exploits the version\n+\t\t\t\t * number check as a \"bad version oracle\" -- an alert would\n+\t\t\t\t * reveal that the plaintext corresponding to some ciphertext\n+\t\t\t\t * made up by the adversary is properly formatted except\n+\t\t\t\t * that the version number is wrong.  To avoid such attacks,\n+\t\t\t\t * we should treat this just like any other decryption error. */\n+\t\t\t\tp[0] = (char)(int) \"CAN-2003-0131 patch 2003-03-19\";\n \t\t\t\t}\n \t\t\t}\n \n \t\tif (al != -1)\n \t\t\t{\n-#if 0\n-\t\t\tgoto f_err;\n-#else\n \t\t\t/* Some decryption failure -- use random value instead as countermeasure\n \t\t\t * against Bleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding\n-\t\t\t * (see RFC 2246, section 7.4.7.1). \n-\t\t\t * But note that due to length and protocol version checking, the\n-\t\t\t * attack is impractical anyway (see section 5 in D. Bleichenbacher:\n-\t\t\t * \"Chosen Ciphertext Attacks Against Protocols Based on the RSA\n-\t\t\t * Encryption Standard PKCS #1\", CRYPTO \u002798, LNCS 1462, pp. 1-12). \n-\t\t\t */\n+\t\t\t * (see RFC 2246, section 7.4.7.1). */\n \t\t\tERR_clear_error();\n \t\t\ti = SSL_MAX_MASTER_KEY_LENGTH;\n \t\t\tp[0] = s-\u003eclient_version \u003e\u003e 8;\n \t\t\tp[1] = s-\u003eclient_version \u0026 0xff;\n \t\t\tRAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */\n-#endif\n \t\t\t}\n \t\n \t\ts-\u003esession-\u003emaster_key_length=\n\n\nReferences\n----------\n\nReport \"Attacking RSA-based Sessions in SSL/TLS\" by V. Klima, O. Pokorny,\nand T. Rosa:\nhttps://eprint.iacr.org/2003/052/\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0131 to this issue. \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20030319.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "PACKETSTORM",
        "id": "169675"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0131",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "7148",
        "trust": 2.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#888801",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "11586",
        "trust": 0.6
      },
      {
        "db": "TRUSTIX",
        "id": "2003-0013",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2003-014.0",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-288",
        "trust": 0.6
      },
      {
        "db": "SGI",
        "id": "20030501-01-I",
        "trust": 0.6
      },
      {
        "db": "NETBSD",
        "id": "NETBSD-SA2003-007",
        "trust": 0.6
      },
      {
        "db": "OPENPKG",
        "id": "OPENPKG-SA-2003.026",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030327 IMMUNIX SECURED OS 7+ OPENSSL UPDATE",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030319 [OPENSSL ADVISORY] KLIMA-POKORNY-ROSA ATTACK ON PKCS #1 V1.5 PADDING",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030324 GLSA: OPENSSL (200303-20)",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2003:035",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2003:024",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:461",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:102",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:101",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200303-20",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2003:625",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "PACKETSTORM",
        "id": "169675"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "id": "VAR-200303-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4615448
  },
  "last_update_date": "2023-12-18T12:40:39.190000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX0304-255",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255"
      },
      {
        "title": "HPSBUX0304-255",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html"
      },
      {
        "title": "secadv_20030319",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030319.txt"
      },
      {
        "title": "RHSA-2003:101",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-101.html"
      },
      {
        "title": "4 Apache \u0026amp; SSL Security 2.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "XTR Apache \u0026amp; SSL Security 1.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "550 Apache \u0026amp; SSL Security 0.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "TLSA-2003-22",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "RHSA-2003:101",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html"
      },
      {
        "title": "TLSA-2003-22",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://eprint.iacr.org/2003/052/"
      },
      {
        "trust": 2.5,
        "url": "http://www.openssl.org/news/secadv_20030319.txt"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/7148"
      },
      {
        "trust": 1.6,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-007.txt.asc"
      },
      {
        "trust": 1.6,
        "url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
      },
      {
        "trust": 1.6,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
      },
      {
        "trust": 1.6,
        "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-288"
      },
      {
        "trust": 1.6,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
      },
      {
        "trust": 1.6,
        "url": "http://www.kb.cert.org/vuls/id/888801"
      },
      {
        "trust": 1.6,
        "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:035"
      },
      {
        "trust": 1.6,
        "url": "http://www.openpkg.org/security/openpkg-sa-2003.026-openssl.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
      },
      {
        "trust": 1.0,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a461"
      },
      {
        "trust": 0.8,
        "url": "http://www.i.cz/en/onas/tisk7.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.i.cz/en/onas/tisk8.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 0.8,
        "url": "http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/pkcs1/qa.html"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2408.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2409.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0131"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0131"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104811162730834\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/11586"
      },
      {
        "trust": 0.6,
        "url": "http://www.novell.com/linux/security/advisories/2003_024_openssl.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.suse.de/de/security/2003_024_openssl.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104878215721135\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104852637112330\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:461"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315632"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315884"
      },
      {
        "trust": 0.1,
        "url": "https://eprint.iacr.org/2003/052/)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0131"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "PACKETSTORM",
        "id": "169675"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "db": "PACKETSTORM",
        "id": "169675"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-04-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "date": "2003-03-19T00:00:00",
        "db": "BID",
        "id": "7148"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "date": "2003-03-19T12:12:12",
        "db": "PACKETSTORM",
        "id": "169675"
      },
      {
        "date": "2003-03-24T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "date": "2003-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#888801"
      },
      {
        "date": "2009-07-11T21:06:00",
        "db": "BID",
        "id": "7148"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000095"
      },
      {
        "date": "2018-10-19T15:29:23.713000",
        "db": "NVD",
        "id": "CVE-2003-0131"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#888801"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "7148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-076"
      }
    ],
    "trust": 0.9
  }
}

var-202103-1463
Vulnerability from variot

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/

Security:

  • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

  • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

  • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

  • redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

  • redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)

  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing

  • -u- extension (CVE-2020-28851)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

  • nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)

  • oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)

  • redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

  • nodejs-lodash: command injection via template (CVE-2021-23337)

  • nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

  • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

  • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)

  • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

  • nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)

  • grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

  • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

  • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

  • ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

  • html-parse-stringify: Regular Expression DoS (CVE-2021-23346)

  • openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

  • RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)

  • cluster became offline after apiserver health check (BZ# 1942589)

  • Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

Bug fix:

  • RHACM 2.0.10 images (BZ #1940452)

  • Bugs fixed (https://bugzilla.redhat.com/):

1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:0055

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
  • grafana: Snapshot authentication bypass (CVE-2021-39226)
  • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
  • nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
  • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
  • grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
  • grafana: directory traversal vulnerability (CVE-2021-43813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64

The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x

The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le

The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

  1. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - oc whoami --show-console should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the --max-icsp-size flag of oc adm catalog mirror 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch. labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi- symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report Upgradeable: false when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console Helm tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig --image= -- " 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin- 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user Create VM missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - oc adm prune deployments does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - oc adm prune deployments can prune the RC/RS 2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The default project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 2039359 - oc adm prune deployments can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use cp instead of cat when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

Bug fixes:

  • RHACM 2.1.6 images (BZ#1940581)

  • When generating the import cluster string, it can include unescaped characters (BZ#1934184)

  • Bugs fixed (https://bugzilla.redhat.com/):

1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images

  1. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

  1. Description:

This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

  1. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm

ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm

x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

Security Fix(es):

  • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
  • golang: net: lookup functions may return invalid host names (CVE-2021-33195)
  • golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
  • golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
  • golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
  • golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
  • golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

5

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1463",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "storagegrid",
        "scope": "eq",
        "trust": 2.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "capture client",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "3.6.24"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.33"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "windriver",
        "version": "18.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.16.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.0.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.14.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.24.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0.2"
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.1.1"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "nessus agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.2.1"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.0.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1k"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "mysql workbench",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "7.0.1-r1456"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "windriver",
        "version": null
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.1.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "windriver",
        "version": "19.0"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.5"
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.19"
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.2.10"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.0.0"
      },
      {
        "model": "secure backup",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1.0.1.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "windriver",
        "version": "17.0"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "email security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.11"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1h"
      },
      {
        "model": "cloud volumes ontap mediator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.1.1"
      },
      {
        "model": "nessus agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.2.3"
      },
      {
        "model": "mysql connectors",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "sma100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.2.1.0-17sv"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.22.1"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.1"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.1"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.0"
      },
      {
        "model": "nessus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.13.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.2.10"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1k",
                "versionStartIncluding": "1.1.1h",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.3",
                "versionStartIncluding": "8.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "versionStartIncluding": "8.0.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.1.0.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.59",
                "versionStartIncluding": "8.57",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.1.0-17sv",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.1-r1456",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.24",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.14.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.16.1",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.22.1",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.24.1",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2021-3450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-388430",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-3450",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-3450",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-388430",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-3450",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. \nExploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID:       RHSA-2022:0056-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0056\nIssue date:        2022-03-10\nCVE Names:         CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n                   CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n                   CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n                   CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n                   CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n                   CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n                   CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n                   CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n                   CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n                   CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n                   CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n                   CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n                   CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n                   CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n                   CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n                   CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n                   CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n                   CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n                   CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n                   CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n                   CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n                   CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n                   CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n                   CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n                   CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n                   CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n                   CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n                   CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n                   CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for  additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027  is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027  is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\"  in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027  is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node,  lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi  after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal]  The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs -  fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log  of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI  OSP16 OVN  IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027  ENV  which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI  start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation]  add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws  bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset  for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer:  ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift  clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on  self._get_vip_port(loadbalancer).id   \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10]  sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs :  Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization  : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All,  data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack  (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure -  Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image  Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list  and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the  deleted EgressIP object got  InvalidEgressIP  warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD:  prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) -  no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server  makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN  Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain  olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking -  networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS  where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR  is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to  attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error  \"unable to pull manifest from example.com/busy.box:v5  invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      },
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-3450",
        "trust": 2.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/28/3",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/27/2",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/28/4",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/27/1",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-05",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-09",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-08",
        "trust": 1.2
      },
      {
        "db": "PULSESECURE",
        "id": "SA44845",
        "trust": 1.2
      },
      {
        "db": "MCAFEE",
        "id": "SB10356",
        "trust": 1.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162337",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162196",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162383",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162201",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162183",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162197",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162189",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162172",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162307",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162200",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162013",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162041",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162699",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-388430",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-069-09",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162694",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166279",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "id": "VAR-202103-1463",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      }
    ],
    "trust": 0.38583214499999996
  },
  "last_update_date": "2024-07-23T21:05:39.679000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2021/03/25/openssl_bug_fix/"
      },
      {
        "title": "Red Hat: CVE-2021-3450",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-3450"
      },
      {
        "title": "IBM: Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3449, CVE-2021-3450)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=084930e972e3fa390ca483e019684fa8"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202103-10] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-10"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1622",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1622"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-3450 log"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-openssl-2021-ghy28djd"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-05"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-117"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities in XStream,  Java,  OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=928e1f86fc9400462623e646ce4f11d9"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "yr_of_the_jellyfish",
        "trust": 0.1,
        "url": "https://github.com/rnbochsr/yr_of_the_jellyfish "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
      },
      {
        "title": "tekton-image-scan-trivy",
        "trust": 0.1,
        "url": "https://github.com/vinamra28/tekton-image-scan-trivy "
      },
      {
        "title": "TASSL-1.1.1k",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1k "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/scholarnishu/trivy-by-aquasecurity "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/teresaweber685/book_list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/fredrkl/trivy-demo "
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
      },
      {
        "trust": 1.2,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
      },
      {
        "trust": 1.2,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
      },
      {
        "trust": 1.2,
        "url": "https://www.openssl.org/news/secadv/20210325.txt"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-05"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-08"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-09"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202103-03"
      },
      {
        "trust": 1.2,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html"
      },
      {
        "trust": 1.2,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.9,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3347"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28374"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27364"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27152"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27363"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27365"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-0466"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-26708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/295.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30761"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27781"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41190"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25660"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21684"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39226"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9952"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25677"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35149"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3556"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "date": "2021-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "date": "2021-05-19T14:19:18",
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "date": "2021-08-06T14:02:37",
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "date": "2021-04-29T14:37:49",
        "db": "PACKETSTORM",
        "id": "162383"
      },
      {
        "date": "2022-03-11T16:38:38",
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "date": "2021-04-14T16:40:32",
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "date": "2021-04-26T19:21:56",
        "db": "PACKETSTORM",
        "id": "162337"
      },
      {
        "date": "2021-04-15T13:49:54",
        "db": "PACKETSTORM",
        "id": "162196"
      },
      {
        "date": "2021-04-15T13:50:39",
        "db": "PACKETSTORM",
        "id": "162201"
      },
      {
        "date": "2021-09-17T16:04:56",
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "date": "2021-03-25T15:15:13.560000",
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-388430"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-3450"
      },
      {
        "date": "2023-11-07T03:38:00.923000",
        "db": "NVD",
        "id": "CVE-2021-3450"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2021-2021-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162694"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162694"
      },
      {
        "db": "PACKETSTORM",
        "id": "162383"
      }
    ],
    "trust": 0.2
  }
}

var-200110-0342
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/

Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. (CVE-2006-4343)

Updated packages are patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0342",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. This could be used by an attacker in a denial of service\n attack. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0342",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-04-20T19:49:59.696000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-201012-0193
Vulnerability from variot

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824483 Version: 1

HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.

References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    VMware Security Advisory

Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054

  1. Summary

Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.

  1. Relevant releases

vCenter Server 4.1 without Update 2

vCenter Update Manager 4.1 without Update 2

ESXi 4.1 without patch ESX410-201110201-SG.

ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG.

  1. Problem Description

a. ESX third party update for Service Console openssl RPM

The Service Console openssl RPM is updated to
openssl-0.9.8e.12.el5_5.7 resolving two security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware      Product     Running     Replace with/
Product     Version     on          Apply Patch
=========   ========    =======     =================
vCenter     any         Windows     not affected

hosted*     any         any         not affected

ESXi        any         any         not affected

ESX         4.1         ESX         ESX410-201110204-SG
ESX         4.0         ESX         patch pending
ESX         3.5         ESX         not applicable
ESX         3.0.3       ESX         not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

b. ESX third party update for Service Console libuser RPM

The Service Console libuser RPM is updated to version
0.54.7-2.1.el5_5.2 to resolve a security issue.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2011-0002 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware      Product     Running     Replace with/
Product     Version     on          Apply Patch
=========   ========    =======     =================
vCenter     any         Windows     not affected

hosted*     any         any         not affected

ESXi        any         ESXi        not affected

ESX         4.1         ESX         ESX410-201110206-SG
ESX         4.0         ESX         patch pending
ESX         3.5         ESX         not applicable
ESX         3.0.3       ESX         not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

c. ESX third party update for Service Console nss and nspr RPMs

The Service Console Network Security Services (NSS) and Netscape
Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
and nss-3.12.8-4 resolving multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware      Product     Running     Replace with/
Product     Version     on          Apply Patch
=========   ========    =======     =================
vCenter     any         Windows     not affected

hosted*     any         any         not affected

ESXi        any         ESXi        not affected

ESX         4.1         ESX         ESX410-201110214-SG
ESX         4.0         ESX         patch pending
ESX         3.5         ESX         not applicable
ESX         3.0.3       ESX         not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24

Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
CVE-2010-4475 and CVE-2010-4476.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
CVE-2010-3574.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        5.0       Windows  not affected
vCenter        4.1       Windows  Update 2
vCenter        4.0       Windows  not applicable **
VirtualCenter  2.5       Windows  not applicable **

Update Manager 5.0       Windows  not affected
Update Manager 4.1       Windows  not applicable **
Update Manager 4.0       Windows  not applicable **

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201110201-SG
ESX            4.0       ESX      not applicable **
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family

e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30

Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
CVE-2010-4475, CVE-2010-4476.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        5.0       Windows  not applicable **
vCenter        4.1       Windows  not applicable **
vCenter        4.0       Windows  patch pending
VirtualCenter  2.5       Windows  patch pending

Update Manager 5.0       Windows  not applicable **
Update Manager 4.1       Windows  Update 2
Update Manager 4.0       Windows  patch pending

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      not applicable **
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      patch pending
ESX            3.0.3     ESX      affected, no patch planned
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family

f. Integer overflow in VMware third party component sfcb

This release resolves an integer overflow issue present in the
third party library SFCB when the httpMaxContentLength has been
changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. 
The integer overflow could allow remote attackers to cause a
denial of service (heap memory corruption) or possibly execute
arbitrary code via a large integer in the Content-Length HTTP
header.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2054 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware      Product     Running     Replace with/
Product     Version     on          Apply Patch
=========   ========    =======     =================
vCenter     any         Windows     not affected

hosted*     any         any         not affected

ESXi        5.0         ESXi        not affected
ESXi        4.1         ESXi        ESXi410-201110201-SG
ESXi        4.0         ESXi        not affected
ESXi        3.5         ESXi        not affected

ESX         4.1         ESX         ESX410-201110201-SG
ESX         4.0         ESX         not affected
ESX         3.5         ESX         not affected
ESX         3.0.3       ESX         not affected

  • hosted products are VMware Workstation, Player, ACE, Fusion.

  • Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware vCenter Server 4.1

vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager.

Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes:

http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html

File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541

File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1

File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

VMware ESXi 4.1

VMware ESXi 4.1 Update 2

Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes:

https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html

File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce

File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33

File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f

File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.

VMware ESX 4.1

VMware ESX 4.1 Update 2 Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes:

http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c

File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4

File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f

File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG.

  1. References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

  1. Change log

2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

 * security-announce at lists.vmware.com
 * bugtraq at securityfocus.com
 * full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01

Synopsis

Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0e >= 1.0.0e

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

References

[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-2141-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq

Package : openssl Vulnerability : SSL/TLS insecure renegotiation protocol design flaw Problem type : remote Debian-specific: no CVE ID : CVE-2009-3555 CVE-2010-4180 Debian Bug : 555829

CVE-2009-3555:

Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue.

If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation.

This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.

Currently we are not aware of other software with similar compatibility problems.

CVE-2010-4180:

In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.

For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11.

For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4.

We recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections.

The OpenSSL security team would like to thank Martin Rex for reporting this issue.

This vulnerability is tracked as CVE-2010-4180

OpenSSL JPAKE validation error

Sebastian Martini found an error in OpenSSL's J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret. This error is fixed in 1.0.0c. Details of the problem can be found here:

http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

Note that the OpenSSL Team still consider our implementation of J-PAKE to be experimental and is not compiled by default.

Any OpenSSL based SSL/TLS server is vulnerable if it uses OpenSSL's internal caching mechanisms and the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this by using the SSL_OP_ALL option).

All users of OpenSSL's experimental J-PAKE implementation are vulnerable to the J-PAKE validation error.

Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and/or SSL_OP_ALL flags.

Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release which contains a patch to correct this issue and also contains a corrected version of the CVE-2010-3864 vulnerability fix.

If upgrading is not immediately possible, the relevant source code patch provided in this advisory should be applied.

Any user of OpenSSL's J-PAKE implementaion (which is not compiled in by default) should upgrade to OpenSSL 1.0.0c.

Patch

Index: ssl/s3_clnt.c

RCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.129.2.16 diff -u -r1.129.2.16 s3_clnt.c --- ssl/s3_clnt.c 10 Oct 2010 12:33:10 -0000 1.129.2.16 +++ ssl/s3_clnt.c 24 Nov 2010 14:32:37 -0000 @@ -866,8 +866,11 @@ s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { +/ Workaround is now obsolete / +#if 0 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); Index: ssl/s3_srvr.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.171.2.22 diff -u -r1.171.2.22 s3_srvr.c --- ssl/s3_srvr.c 14 Nov 2010 13:50:29 -0000 1.171.2.22 +++ ssl/s3_srvr.c 24 Nov 2010 14:34:28 -0000 @@ -985,6 +985,10 @@ break; } } +/ Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + / +#if 0 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { / Special case as client bug workaround: the previously used cipher may @@ -999,6 +1003,7 @@ j = 1; } } +#endif if (j == 0) { / we need to have the cipher in the cipher

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20101202.txt

URL for updated CVS-2010-3864 Security Advisory: http://www.openssl.org/news/secadv_20101116-2.txt

. HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.

The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport

HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent.

HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0193",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "linux enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.9.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.04"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "13"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "14"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.04"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "cacheflow",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "2.1.4.7"
      },
      {
        "model": "director",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "packetshaper",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "policycenter",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "reporter",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxyone",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxysg",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "6.1.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.3.3"
      },
      {
        "model": "linux enterprise sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.4.3"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integrated lights out",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "21.16"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0.4"
      },
      {
        "model": "hat jboss enterprise web server for rhel as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "41.0"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "hat jboss enterprise web server for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "61.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "syslog-ng premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "balabit",
        "version": "3.0.6"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "syslog-ng premium edition 3.2.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "balabit",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2.6.1"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.3"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.6"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "coat systems cacheflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.47"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "coat systems policy center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.6"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.11"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "syslog-ng premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "balabit",
        "version": "3.2"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.4.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.2.5"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "integrated lights out",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "32.05"
      },
      {
        "model": "edirectory sp6 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.83"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "hat jboss enterprise web server for rhel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "61.0.2"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "edirectory sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.4.8"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.4.2"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edirectory sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "coat systems proxyone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.32"
      },
      {
        "model": "intuity audix lx sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5300-06"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.31"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "edirectory sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5200-10"
      },
      {
        "model": "syslog-ng premium edition 3.2.1b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "balabit",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "coat systems packetshaper",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.7.1"
      },
      {
        "model": "hat jboss enterprise web server for rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "51.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux enterprise sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.6"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.4"
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "syslog-ng premium edition 3.0.7a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "balabit",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "hat jboss enterprise web server for solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "coat systems policy center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.7.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.2"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "hat jboss enterprise web server for rhel es",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "41.0.2"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "hat jboss enterprise web server for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "1.0.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.2.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.12"
      },
      {
        "model": "hat enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "syslog-ng premium edition 4.0.1a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "balabit",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.8.7"
      },
      {
        "model": "coat systems policy center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.7"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "hat jboss enterprise web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.2.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "edirectory sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.4.2.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "syslog-ng premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "balabit",
        "version": "4.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "hat jboss enterprise web server for rhel as",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "41.0.2"
      },
      {
        "model": "coat systems packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.2"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux enterprise teradata sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "syslog-ng premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "balabit",
        "version": "3.0.7"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat jboss enterprise web server for rhel server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "red",
        "version": "51.0.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hat jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "1.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.1.21"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.1.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "syslog-ng premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "balabit",
        "version": "3.0.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "coat systems proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2.6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "hat jboss enterprise web server for rhel es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "41.0"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "intuity audix lx sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "coat systems cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.46"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.10"
      },
      {
        "model": "edirectory sp5 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.84"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "edirectory sp4 ftf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "edirectory sp5 ftf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hat jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "1.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "edirectory sp3 ftf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.21"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "coat systems packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.4"
      },
      {
        "model": "jboss enterprise web server el4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "edirectory sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.8"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "45164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0c",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8q",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin Rex",
    "sources": [
      {
        "db": "BID",
        "id": "45164"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-4180",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-4180",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-4180",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-4180",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. \nSuccessfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. \nReleases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-0014    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2010-4180    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2010-4252    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2010-3864    (AV:N/AC:H/Au:N/C:C/I:C/A:C)       7.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                        VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0013\nSynopsis:    VMware third party component updates for VMware vCenter\n             Server, vCenter Update Manager, ESXi and ESX\nIssue date:  2011-10-27\nUpdated on:  2011-10-27 (initial release of advisory)\nCVE numbers: --- openssl ---\n             CVE-2008-7270 CVE-2010-4180\n             --- libuser ---\n             CVE-2011-0002\n             --- nss, nspr ---\n             CVE-2010-3170 CVE-2010-3173\n             --- Oracle (Sun) JRE 1.6.0 ---\n             CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549\n             CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553\n             CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557\n             CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561\n             CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566\n             CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570\n             CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574\n             CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450\n             CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462\n             CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467\n             CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471\n             CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475\n             CVE-2010-4476\n             --- Oracle (Sun) JRE 1.5.0 ---\n             CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454\n             CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468\n             CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476\n             CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864\n             CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867\n             CVE-2011-0865\n             --- SFCB ---\n             CVE-2010-2054\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n   Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. \n\n2. Relevant releases\n\n   vCenter Server 4.1 without Update 2\n\n   vCenter Update Manager 4.1 without Update 2\n\n   ESXi 4.1 without patch ESX410-201110201-SG. \n\n   ESX 4.1 without patches ESX410-201110201-SG,\n   ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. \n\n3. Problem Description\n\n a. ESX third party update for Service Console openssl RPM\n\n    The Service Console openssl RPM is updated to\n    openssl-0.9.8e.12.el5_5.7 resolving two security issues. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-7270 and CVE-2010-4180 to these\n    issues. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware      Product     Running     Replace with/\n    Product     Version     on          Apply Patch\n    =========   ========    =======     =================\n    vCenter     any         Windows     not affected\n\n    hosted*     any         any         not affected\n\n    ESXi        any         any         not affected\n\n    ESX         4.1         ESX         ESX410-201110204-SG\n    ESX         4.0         ESX         patch pending\n    ESX         3.5         ESX         not applicable\n    ESX         3.0.3       ESX         not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. ESX third party update for Service Console libuser RPM\n\n    The Service Console libuser RPM is updated to version\n    0.54.7-2.1.el5_5.2 to resolve a security issue. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2011-0002 to this issue. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware      Product     Running     Replace with/\n    Product     Version     on          Apply Patch\n    =========   ========    =======     =================\n    vCenter     any         Windows     not affected\n\n    hosted*     any         any         not affected\n\n    ESXi        any         ESXi        not affected\n\n    ESX         4.1         ESX         ESX410-201110206-SG\n    ESX         4.0         ESX         patch pending\n    ESX         3.5         ESX         not applicable\n    ESX         3.0.3       ESX         not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. ESX third party update for Service Console nss and nspr RPMs\n\n    The Service Console Network Security Services (NSS) and Netscape\n    Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1\n    and nss-3.12.8-4 resolving multiple security issues. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-3170 and CVE-2010-3173 to these\n    issues. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware      Product     Running     Replace with/\n    Product     Version     on          Apply Patch\n    =========   ========    =======     =================\n    vCenter     any         Windows     not affected\n\n    hosted*     any         any         not affected\n\n    ESXi        any         ESXi        not affected\n\n    ESX         4.1         ESX         ESX410-201110214-SG\n    ESX         4.0         ESX         patch pending\n    ESX         3.5         ESX         not applicable\n    ESX         3.0.3       ESX         not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24\n\n    Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\n    CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,\n    CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,\n    CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,\n    CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,\n    CVE-2010-4475 and CVE-2010-4476. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,\n    CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,\n    CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,\n    CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,\n    CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\n    CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,\n    CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and\n    CVE-2010-3574. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        5.0       Windows  not affected\n    vCenter        4.1       Windows  Update 2\n    vCenter        4.0       Windows  not applicable **\n    VirtualCenter  2.5       Windows  not applicable **\n\n    Update Manager 5.0       Windows  not affected\n    Update Manager 4.1       Windows  not applicable **\n    Update Manager 4.0       Windows  not applicable **\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201110201-SG\n    ESX            4.0       ESX      not applicable **\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\n e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30\n\n    Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,\n    CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,\n    CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,\n    CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\n    CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,\n    CVE-2010-4475, CVE-2010-4476. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        5.0       Windows  not applicable **\n    vCenter        4.1       Windows  not applicable **\n    vCenter        4.0       Windows  patch pending\n    VirtualCenter  2.5       Windows  patch pending\n\n    Update Manager 5.0       Windows  not applicable **\n    Update Manager 4.1       Windows  Update 2\n    Update Manager 4.0       Windows  patch pending\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      not applicable **\n    ESX            4.0       ESX      patch pending\n    ESX            3.5       ESX      patch pending\n    ESX            3.0.3     ESX      affected, no patch planned\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n f. Integer overflow in VMware third party component sfcb\n\n    This release resolves an integer overflow issue present in the\n    third party library SFCB when the httpMaxContentLength has been\n    changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. \n    The integer overflow could allow remote attackers to cause a\n    denial of service (heap memory corruption) or possibly execute\n    arbitrary code via a large integer in the Content-Length HTTP\n    header. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-2054 to this issue. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware      Product     Running     Replace with/\n    Product     Version     on          Apply Patch\n    =========   ========    =======     =================\n    vCenter     any         Windows     not affected\n\n    hosted*     any         any         not affected\n\n    ESXi        5.0         ESXi        not affected\n    ESXi        4.1         ESXi        ESXi410-201110201-SG\n    ESXi        4.0         ESXi        not affected\n    ESXi        3.5         ESXi        not affected\n\n    ESX         4.1         ESX         ESX410-201110201-SG\n    ESX         4.0         ESX         not affected\n    ESX         3.5         ESX         not affected\n    ESX         3.0.3       ESX         not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n4. Solution\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. \n\n   VMware vCenter Server 4.1\n   ----------------------------------------------\n   vCenter Server 4.1 Update 2\n   The download for vCenter Server includes VMware Update Manager. \n\n   Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n   Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n   https://www.vmware.com/support/pubs/vum_pubs.html\n\n   File: VMware-VIMSetup-all-4.1.0-493063.iso\n   md5sum: d132326846a85bfc9ebbc53defeee6e1\n   sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\n\n   File: VMware-VIMSetup-all-4.1.0-493063.zip\n   md5sum: 7fd7b09e501bd8fde52649b395491222\n   sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\n\n   File: VMware-viclient-all-4.1.0-491557.exe\n   md5sum: dafd31619ae66da65115ac3900697e3a\n   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n   VMware ESXi 4.1\n   ---------------\n   VMware ESXi 4.1 Update 2\n\n   Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n   Release Notes:\n\nhttps://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html\n\n   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso\n   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea\n   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce\n\n   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip\n   md5sum: 459d9142a885854ef0fa6edd8d6a5677\n   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33\n\n   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip\n   md5sum: 3047fac78a4aaa05cf9528d62fad9d73\n   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f\n\n   File: VMware-tools-linux-8.3.12-493255.iso\n   md5sum: 63028f2bf605d26798ac24525a0e6208\n   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n   File: VMware-viclient-all-4.1.0-491557.exe\n   md5sum: dafd31619ae66da65115ac3900697e3a\n   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. \n\n   VMware ESX 4.1\n   --------------\n   VMware ESX 4.1 Update 2\n   Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n   Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n   File: ESX-4.1.0-update02-502767.iso\n   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8\n   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c\n\n   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip\n   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf\n   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4\n\n   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip\n   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549\n   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f\n\n   File: VMware-tools-linux-8.3.12-493255.iso\n   md5sum: 63028f2bf605d26798ac24525a0e6208\n   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n   File: VMware-viclient-all-4.1.0-491557.exe\n   md5sum: dafd31619ae66da65115ac3900697e3a\n   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n   VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,\n   ESX410-201110206-SG, ESX410-201110201-SG and\n   ESX410-201110214-SG. \n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873\n\n- ------------------------------------------------------------------------\n6. Change log\n\n   2011-10-27 VMSA-2011-0013\n   Initial security advisory in conjunction with the release of\n   Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1,\n   vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n     * security-announce at lists.vmware.com\n     * bugtraq at securityfocus.com\n     * full-disclosure at lists.grok.org.uk\n\n   E-mail:  security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware security response policy\n   http://www.vmware.com/support/policies/security_response.html\n\n   General support life cycle policy\n   http://www.vmware.com/support/policies/eos.html\n\n   VMware Infrastructure support life cycle policy\n   http://www.vmware.com/support/policies/eos_vi.html\n\n   Copyright 2011 VMware Inc.  All rights reserved. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l\nlJkAmweROyq5t0iWwM0EN2iP9ly6trbc\n=Dm8O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: October 09, 2011\n     Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n           #354139, #382069\n       ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0e                  \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[  1 ] CVE-2009-3245\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[  2 ] CVE-2009-4355\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[  3 ] CVE-2010-0433\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[  4 ] CVE-2010-0740\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[  5 ] CVE-2010-0742\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[  6 ] CVE-2010-1633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[  7 ] CVE-2010-2939\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[  8 ] CVE-2010-3864\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[  9 ] CVE-2010-4180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-1                  security@debian.org\nhttp://www.debian.org/security/                           Stefan Fritsch\nJanuary 06, 2011                      http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage        : openssl\nVulnerability  : SSL/TLS insecure renegotiation protocol design flaw\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2009-3555 CVE-2010-4180\nDebian Bug     : 555829\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user\u0027s session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue. \n\nIf openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows to\nre-enable insecure renegotiation. \n\nThis version of openssl is not compatible with older versions of tor. \nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable. \n\nCurrently we are not aware of other software with similar compatibility\nproblems. \n\n\nCVE-2010-4180:\n \nIn addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite. \n\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11. \n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4. \n\nWe recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one\non subsequent connections. \n\nThe OpenSSL security team would like to thank Martin Rex for reporting this\nissue. \n\nThis vulnerability is tracked as CVE-2010-4180\n\nOpenSSL JPAKE validation error\n===============================\n\nSebastian Martini found an error in OpenSSL\u0027s J-PAKE implementation\nwhich could lead to successful validation by someone with no knowledge\nof the shared secret. This error is fixed in 1.0.0c. Details of the\nproblem can be found here:\n\nhttp://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf\n\nNote that the OpenSSL Team still consider our implementation of J-PAKE\nto be experimental and is not compiled by default. \n\nAny OpenSSL based SSL/TLS server is vulnerable if it uses\nOpenSSL\u0027s internal caching mechanisms and the\nSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this\nby using the SSL_OP_ALL option). \n\nAll users of OpenSSL\u0027s experimental J-PAKE implementation are vulnerable\nto the J-PAKE validation error. \n\nAlternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\nand/or SSL_OP_ALL flags. \n\nUsers of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release\nwhich contains a patch to correct this issue and also contains a corrected\nversion of the CVE-2010-3864 vulnerability fix. \n\nIf upgrading is not immediately possible, the relevant source code patch\nprovided in this advisory should be applied. \n\nAny user of OpenSSL\u0027s J-PAKE implementaion (which is not compiled in by \ndefault) should upgrade to OpenSSL 1.0.0c. \n\nPatch\n=====\n\nIndex: ssl/s3_clnt.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v\nretrieving revision 1.129.2.16\ndiff -u -r1.129.2.16 s3_clnt.c\n--- ssl/s3_clnt.c\t10 Oct 2010 12:33:10 -0000\t1.129.2.16\n+++ ssl/s3_clnt.c\t24 Nov 2010 14:32:37 -0000\n@@ -866,8 +866,11 @@\n \t\ts-\u003esession-\u003ecipher_id = s-\u003esession-\u003ecipher-\u003eid;\n \tif (s-\u003ehit \u0026\u0026 (s-\u003esession-\u003ecipher_id != c-\u003eid))\n \t\t{\n+/* Workaround is now obsolete */\n+#if 0\n \t\tif (!(s-\u003eoptions \u0026\n \t\t\tSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))\n+#endif\n \t\t\t{\n \t\t\tal=SSL_AD_ILLEGAL_PARAMETER;\n \t\t\tSSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);\nIndex: ssl/s3_srvr.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v\nretrieving revision 1.171.2.22\ndiff -u -r1.171.2.22 s3_srvr.c\n--- ssl/s3_srvr.c\t14 Nov 2010 13:50:29 -0000\t1.171.2.22\n+++ ssl/s3_srvr.c\t24 Nov 2010 14:34:28 -0000\n@@ -985,6 +985,10 @@\n \t\t\t\tbreak;\n \t\t\t\t}\n \t\t\t}\n+/* Disabled because it can be used in a ciphersuite downgrade\n+ * attack: CVE-2010-4180. \n+ */\n+#if 0\n \t\tif (j == 0 \u0026\u0026 (s-\u003eoptions \u0026 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) \u0026\u0026 (sk_SSL_CIPHER_num(ciphers) == 1))\n \t\t\t{\n \t\t\t/* Special case as client bug workaround: the previously used cipher may\n@@ -999,6 +1003,7 @@\n \t\t\t\tj = 1;\n \t\t\t\t}\n \t\t\t}\n+#endif\n \t\tif (j == 0)\n \t\t\t{\n \t\t\t/* we need to have the cipher in the cipher\n\n\n\nReferences\n===========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20101202.txt\n\nURL for updated CVS-2010-3864 Security Advisory:\nhttp://www.openssl.org/news/secadv_20101116-2.txt\n\n\n. \nHP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. \nHP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. \n\nThe latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport\n\nHP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. \n\nHP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "BID",
        "id": "45164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "106330"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "97287"
      },
      {
        "db": "PACKETSTORM",
        "id": "96498"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-4180",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "45164",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "42473",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3120",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1024822",
        "trust": 1.9
      },
      {
        "db": "OSVDB",
        "id": "69565",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "43169",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42811",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42469",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43172",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42571",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42493",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43173",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44269",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43170",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42620",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42877",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43171",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0076",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3188",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0268",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3122",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0032",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3134",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91284469",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-4180",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101256",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106330",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97287",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96498",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106754",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "BID",
        "id": "45164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "106330"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "97287"
      },
      {
        "db": "PACKETSTORM",
        "id": "96498"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "id": "VAR-201012-0193",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.41666666
  },
  "last_update_date": "2024-07-23T19:37:04.941000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4723",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "title": "openssl-0.9.8e-12.AXS3.7",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1324"
      },
      {
        "title": "HPSBUX02638",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02737002"
      },
      {
        "title": "2168",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2168"
      },
      {
        "title": "20131",
        "trust": 0.8,
        "url": "http://cvs.openssl.org/chngview?cn=20131"
      },
      {
        "title": "secadv_20101202",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv_20101202.txt"
      },
      {
        "title": "RHSA-2010:0977",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2010-0977.html"
      },
      {
        "title": "RHSA-2010:0978",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2010-0978.html"
      },
      {
        "title": "RHSA-2010:0979",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2010-0979.html"
      },
      {
        "title": "SA53",
        "trust": 0.8,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53"
      },
      {
        "title": "cve_2010_4180_affects_openssl",
        "trust": 0.8,
        "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_4180_affects_openssl"
      },
      {
        "title": "Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun"
      },
      {
        "title": "TLSA-2013-3",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2013/tlsa-2013-3j.html"
      },
      {
        "title": "VMSA-2011-0013",
        "trust": 0.8,
        "url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2011-0013.html"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1029-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d"
      },
      {
        "title": "Symantec Security Advisories: SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92a9a237511ca120aa4255feb5bdf611"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-labs/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/3120"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/42473"
      },
      {
        "trust": 1.9,
        "url": "http://osvdb.org/69565"
      },
      {
        "trust": 1.9,
        "url": "http://www.securitytracker.com/id?1024822"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/45164"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://cvs.openssl.org/chngview?cn=20131"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
      },
      {
        "trust": 1.1,
        "url": "http://openssl.org/news/secadv_20101202.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3122"
      },
      {
        "trust": 1.1,
        "url": "http://ubuntu.com/usn/usn-1029-1"
      },
      {
        "trust": 1.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3134"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42493"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:248"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42469"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3188"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0979.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42620"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42571"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052315.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2141"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42811"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0032"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0977.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0978.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42877"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0076"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0268"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43171"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43172"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43169"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43173"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43170"
      },
      {
        "trust": 1.1,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53\u0026actp=list"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44269"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0896.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/522176"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18910"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu976710"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91284469/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4180"
      },
      {
        "trust": 0.6,
        "url": "http://support.avaya.com/css/p8/documents/100124969"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
      },
      {
        "trust": 0.3,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000108.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sun.com/security/entry/cve_2010_4180_affects_openssl"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/support/viewcontent.do?externalid=3426981"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org/news/secadv_20101202.txt\\"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0013.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/516801"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100124972"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100131810"
      },
      {
        "trust": 0.3,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53"
      },
      {
        "trust": 0.3,
        "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150"
      },
      {
        "trust": 0.3,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100124969"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1029-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1321"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3173"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/pubs/vum_pubs.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3170"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2054"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/secadv_20101202.txt"
      },
      {
        "trust": 0.1,
        "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/secadv_20101116-2.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/bizsupport"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "BID",
        "id": "45164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "106330"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "97287"
      },
      {
        "db": "PACKETSTORM",
        "id": "96498"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "db": "BID",
        "id": "45164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "106330"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "97287"
      },
      {
        "db": "PACKETSTORM",
        "id": "96498"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2010-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "date": "2010-12-02T00:00:00",
        "db": "BID",
        "id": "45164"
      },
      {
        "date": "2010-12-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "date": "2012-09-01T00:00:25",
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "date": "2011-05-10T00:44:30",
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "date": "2011-10-28T14:46:28",
        "db": "PACKETSTORM",
        "id": "106330"
      },
      {
        "date": "2011-10-09T16:42:00",
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "date": "2011-01-06T16:22:22",
        "db": "PACKETSTORM",
        "id": "97287"
      },
      {
        "date": "2010-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "96498"
      },
      {
        "date": "2011-11-09T00:58:11",
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "date": "2010-12-06T21:05:48.687000",
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2022-08-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-4180"
      },
      {
        "date": "2015-04-13T21:15:00",
        "db": "BID",
        "id": "45164"
      },
      {
        "date": "2012-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002548"
      },
      {
        "date": "2022-08-04T19:59:42.243000",
        "db": "NVD",
        "id": "CVE-2010-4180"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "45164"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "45164"
      }
    ],
    "trust": 0.3
  }
}

var-201609-0593
Vulnerability from variot

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2016-6304)

  • It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)

  • It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-8610)

  • It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

  • A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

  • A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The References section of this erratum contains a download link (you must log in to download the update). Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon. The JBoss server process must be restarted for the update to take effect. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0593",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.16"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.47"
      },
      {
        "model": "suse linux enterprise module for web scripting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "linux enterprise module for web scripting",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0 to  v8.1"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "node.js",
        "scope": null,
        "trust": 0.8,
        "vendor": "node js",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2280"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.34"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.3"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.16"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.10"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.20"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.3"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.21"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.12"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "identifi wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.22"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.12"
      },
      {
        "model": "fujitsu m12-2 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3000"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.12"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.4"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "fujitsu m12-2s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.44"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.30"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.26"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.4"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.24"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.6"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.34"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "fujitsu m12-2 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.17"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.18"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.14"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.3"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.43"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.1.0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.5.0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3.0.179"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.11"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.1049"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "bigfix remote control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "identifi wireless",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.21"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.2"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.15"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.24"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.12"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.4"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.27"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3.0.179"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.8"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.1"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.7.0.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.19"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2280"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.27"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m12-2s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.1"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.16"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.8"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "fujitsu m12-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.8"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.8"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.36"
      },
      {
        "model": "fujitsu m12-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "communications session border controller scz7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.20"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.0"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "communications eagle lnp application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.6.0.0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.34"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.26"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.1"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "jboss core services on rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "70"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.18"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.15"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.35"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "fujitsu m12-2s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3000"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.30"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "fujitsu m12-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3000"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.34"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.32"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.38"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.35"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.21"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.22"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "identifi wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.3.7856"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience on cloud network capture add-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "16.1.01"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2280"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.0"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.2"
      },
      {
        "model": "jboss core services on rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.10"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.0"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "purview appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "fujitsu m12-2s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nac appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.14"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m12-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2320"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "netsight appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.6"
      },
      {
        "model": "communications eagle lnp application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.0.0"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.16"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.2"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.33"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.14"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.36"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.42"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.25"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "fujitsu m12-2 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.35"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.2"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "fujitsu m12-2 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.10"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.16",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.47",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-6304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6304",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6304",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6304",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-579",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6304",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. The JBoss server process must be restarted for the update\nto take effect. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "BID",
        "id": "93150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6304",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "93150",
        "trust": 2.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10171",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036878",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1037640",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "139091",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0680",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-054-03",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142848",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143874",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142849",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143176",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139769",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "BID",
        "id": "93150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "id": "VAR-201609-0593",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.37975769357142847
  },
  "last_update_date": "2024-07-23T22:01:08.857000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "hitachi-sec-2017-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.1.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Security updates for all active release lines, September 2016",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "title": "Fix OCSP Status Request extension unbounded memory growth",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137"
      },
      {
        "title": "OCSP Status Request extension unbounded memory growth (CVE-2016-6304)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "title": "SUSE-SU-2016:2470",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv#opensslvulnerabilitiesincludingsweet32addressedbyversionupgradeto101uand102jspl129207"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "hitachi-sec-2017-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html"
      },
      {
        "title": "OpenSSL Repair measures for memory leaks",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64358"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/09/23/openssl_swats_a_dozen_bugs_one_notable_nasty/"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162802 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-749",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-749"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-6304",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6304"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6304"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Security fixes from the October 2016 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=712a3573d4790c3bc5a64dddbbf15d5d"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-6304 OCSP Status Request Extension Security Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=9b728419f5660d2dfe495a4122ce2f24"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "openssl-x509-vulnerabilities",
        "trust": 0.1,
        "url": "https://github.com/guidovranken/openssl-x509-vulnerabilities "
      },
      {
        "title": "CheckCVE for Probe Manager",
        "trust": 0.1,
        "url": "https://github.com/treussart/probemanager_checkcve "
      },
      {
        "title": "hackerone-publicy-disclosed",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/oracle-fixes-253-vulnerabilities-in-last-cpu-of-2016/121375/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/openssl-patches-high-severity-ocsp-bug-mitigates-sweet32-attack/120845/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-401",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2802.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:2493"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1658"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1414"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1413"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93150"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037640"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036878"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:2494"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:1802"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:1801"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2016/oct/62"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2016/dec/47"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/139091/openssl-x509-parsing-double-free-invalid-free.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6304"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6304"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0680"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-8610"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995038"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.3,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-009-cve-2016-6304"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8740"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8743"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-7056"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2161"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/401.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:2802"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/guidovranken/openssl-x509-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/treussart/probemanager_checkcve"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5647"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/3155411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "BID",
        "id": "93150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "db": "BID",
        "id": "93150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "date": "2016-09-23T00:00:00",
        "db": "BID",
        "id": "93150"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "date": "2017-06-07T22:47:57",
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "date": "2017-08-22T05:29:02",
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2017-06-07T22:48:07",
        "db": "PACKETSTORM",
        "id": "142849"
      },
      {
        "date": "2017-06-28T22:12:00",
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-11-17T23:52:44",
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "date": "2017-06-28T22:37:00",
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "date": "2016-09-26T19:59:00.157000",
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6304"
      },
      {
        "date": "2018-04-18T09:00:00",
        "db": "BID",
        "id": "93150"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      },
      {
        "date": "2023-11-07T02:33:57.020000",
        "db": "NVD",
        "id": "CVE-2016-6304"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "139769"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  t1_lib.c Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004990"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-579"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0169
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/

Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project.

SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)

Vulnerability

A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks.  Three of the vulnerabilities are denials of service,\n    but the other is a buffer overflow that is expected to create\n    remote unauthorized access vulnerabilities in other applications. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project. \n\n\nSSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)\n========================================================\n\nVulnerability\n-------------\n\nA buffer overflow was discovered in the SSL_get_shared_ciphers()\nutility function.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200110-0169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-05-29T08:55:04.788000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.9,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-200208-0144
Vulnerability from variot

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. OpenSSL In ASN.1 library Inside ans1_get_length() A buffer overflow vulnerability exists when an abnormal certificate is passed to a function.OpenSSL Service disruption (DoS) It may be in a state. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a vulnerability in the ASN1 interpreter of OpenSSL when dealing with invalid encoding methods. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openldap",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9ias"
      },
      {
        "model": "cobalt raq3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "internet express eak",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "software opera web browser linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "linux affinity toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "openssl for openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "safeword premieraccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "securecomputing",
        "version": "3.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "1.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "netmail e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "project openssl g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "project openssl e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "tru64 unix internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "openssl for openvms alpha -a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "oracle9i application server",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.2"
      },
      {
        "model": "bind",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "secure os software for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "suse email server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "3.1"
      },
      {
        "model": "software opera web browser win32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "James Yonan\u203b jim@ntlp.com\u203bAdi Stav\u203b stav@mercury.co.il",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0659",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2002-0659",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-5050",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-0659",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#748355",
            "trust": 0.8,
            "value": "31.33"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200208-052",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5050",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit data packets between applications and across networks. OpenSSL In ASN.1 library Inside ans1_get_length() A buffer overflow vulnerability exists when an abnormal certificate is passed to a function.OpenSSL Service disruption (DoS) It may be in a state.  This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a vulnerability in the ASN1 interpreter of OpenSSL when dealing with invalid encoding methods. Remote attackers may use this vulnerability to carry out denial-of-service attacks on applications that use the ASN1 library",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5050",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "5366",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#748355",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174",
        "trust": 0.8
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:160",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:164",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2002:161",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2002:516",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "CA-2002-23",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.0",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.1",
        "trust": 0.6
      },
      {
        "db": "FREEBSD",
        "id": "FREEBSD-SA-02:33",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23199",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "id": "VAR-200208-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:08:15.903000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "secadv_20020730",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20020730.txt"
      },
      {
        "title": "#37",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
      },
      {
        "title": "RHSA-2002:160",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-160.html"
      },
      {
        "title": "46424",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
      },
      {
        "title": "ISC Information for VU#748355",
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/jsha-5csl3x"
      },
      {
        "title": "RHSA-2002:160",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-160j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/5366"
      },
      {
        "trust": 2.5,
        "url": "http://www.cert.org/advisories/ca-2002-23.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/748355"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-160.html"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-161.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-164.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/9718.php"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000516"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.asc"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.openssl.org/source/openssl-engine-0.9.6g.tar.gz.md5"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0659"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2002-23"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0659"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120139"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120141"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000516"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "BID",
        "id": "5366"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "date": "2002-08-12T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#748355"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5050"
      },
      {
        "date": "2009-07-11T14:56:00",
        "db": "BID",
        "id": "5366"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000174"
      },
      {
        "date": "2008-09-10T19:12:40.273000",
        "db": "NVD",
        "id": "CVE-2002-0659"
      },
      {
        "date": "2006-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#748355"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-052"
      }
    ],
    "trust": 0.9
  }
}

var-201506-0210
Vulnerability from variot

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04739301

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04739301 Version: 1

HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-07-10 Last Updated: 2015-07-10

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall Products running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Product Impacted Versions Impacted CVEs

HP IceWall MCRP v3.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Dfw v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Agent Option v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Certd v10.0 CVE-2015-1792

HP IceWall Federation Agent v3.0 CVE-2015-1792

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends applying the latest OS vendor security patches for OpenSSL to resolve the vulnerabilities for HP IceWall Products.

HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.

Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

http://www.hp.com/jp/icewall_patchaccess

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 10 July 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201506-02

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: June 22, 2015 Bugs: #551832 ID: 201506-02

Synopsis

Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. (CVE-2015-1788)

Robert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. (CVE-2015-1791)

Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. (CVE-2015-1792)

As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2639-1 CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD)

iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0210",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.28"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.5"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.1"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.214"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "icewall federation agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.66"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "cognos insight standard edition fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.24"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.37"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.124"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "icewall sso certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Johannes Bauer",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1792",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1792",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1792",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1792",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04739301\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04739301\nVersion: 1\n\nHPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-07-10\nLast Updated: 2015-07-10\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall\nProducts running OpenSSL. The vulnerabilities could be exploited remotely\nresulting in Denial of Service (DoS). \nProduct\n Impacted Versions\n Impacted CVEs\n\nHP IceWall MCRP\n v3.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Dfw\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Agent Option\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Certd\n v10.0\n CVE-2015-1792\n\nHP IceWall Federation Agent\n v3.0\n CVE-2015-1792\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends applying the latest OS vendor security patches for OpenSSL to\nresolve the vulnerabilities for HP IceWall Products. \n\n  HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please apply the\nlatest OS vendor security patches for OpenSSL and switch to the OpenSSL\nlibrary bundled with the OS. \n\n  Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n    http://www.hp.com/jp/icewall_patchaccess\n\n  Note: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 10 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201506-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: June 22, 2015\n     Bugs: #551832\n       ID: 201506-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL that can result in\neither Denial of Service or information disclosure. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ============================================================================\nUbuntu Security Notice USN-2639-1\nJune 11, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. (CVE-2015-1788)\n\nRobert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled\ncertain ASN1_TIME strings. \n(CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. \n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 768 bits, preventing a possible downgrade\nattack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.4\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.8\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.15\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.31\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2639-1\n  CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n  CVE-2015-1791, CVE-2015-1792\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-06-12\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n   o Race condition handling NewSessionTicket (CVE-2015-1791)\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "75154",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1792",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132637",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "id": "VAR-201506-0210",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T20:20:15.383000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Canonicalise input in CMS_verify.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1792",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1792"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1792 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75154"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1792"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75154"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "date": "2015-07-10T15:43:15",
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2015-06-11T23:39:03",
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-12T19:59:05.273000",
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "date": "2017-05-02T04:06:00",
        "db": "BID",
        "id": "75154"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "date": "2023-02-13T00:46:54.330000",
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/cms/cms_smime.c of  do_free_upto Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  }
}

var-201608-0006
Vulnerability from variot

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0006",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "api connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8."
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zh",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stored iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0x"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shi Lei.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2180",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2180",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2180",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2180",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-952",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2180",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "BID",
        "id": "92117"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2180",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "92117",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036486",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2180",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "BID",
        "id": "92117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "id": "VAR-201608-0006",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T11:04:13.313000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "Fix OOB read in TS_OBJ_print_bio().",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "Bug 1359615",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Fixes for local denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63306"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2180"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
      },
      {
        "trust": 2.0,
        "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/92117"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036486"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2180"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2180"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2017"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/6adf409c7432b90c06d9890787fe56c48f2a16e7"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:1940"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "BID",
        "id": "92117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "db": "BID",
        "id": "92117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "BID",
        "id": "92117"
      },
      {
        "date": "2016-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-08-01T02:59:11.120000",
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "date": "2016-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2180"
      },
      {
        "date": "2018-02-05T14:00:00",
        "db": "BID",
        "id": "92117"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      },
      {
        "date": "2022-12-13T12:15:22.070000",
        "db": "NVD",
        "id": "CVE-2016-2180"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  X.509 Implementation of public key infrastructure time stamp protocol  crypto/ts/ts_lib.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004110"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-952"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0224
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0224",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0224",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-06T20:09:53.938000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0258
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0258",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.04
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0258",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-05T22:57:21.246000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201501-0340
Vulnerability from variot

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions.

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2014-3571)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)

Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA. (CVE-2015-0204)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)

Chris Mueller discovered that OpenSSL incorrect handled memory when processing DTLS records. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019 Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "es750",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.00"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "es1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bluemix workflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.00"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.00"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2015-0206",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-0206",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0206",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-173",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0206",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could possibly use this issue to downgrade to\nECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade\nthe security of the session to EXPORT_RSA. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrect handled memory when\nprocessing DTLS records. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0066-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date:        2015-01-20\nUpdated on:        2015-01-21\nCVE Names:         CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n                   CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n                   CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      },
      {
        "db": "BID",
        "id": "71940"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0206",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "71940",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4252",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0206",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130051",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "BID",
        "id": "71940"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "id": "VAR-201501-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.396927715
  },
  "last_update_date": "2024-07-23T20:50:41.225000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0p",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190"
      },
      {
        "title": "openssl-0.9.8zd",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189"
      },
      {
        "title": "openssl-1.0.1k.tar.gz",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-0206",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0206"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71940"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0206"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2459-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "BID",
        "id": "71940"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "db": "BID",
        "id": "71940"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "BID",
        "id": "71940"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-08-26T01:33:07",
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-01-12T21:48:37",
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-01-22T01:35:41",
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "date": "2015-01-09T02:59:12.117000",
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0206"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71940"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      },
      {
        "date": "2017-10-20T01:29:04.393000",
        "db": "NVD",
        "id": "CVE-2015-0206"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 dtls1_buffer_record \u2018Function buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-173"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0075
Vulnerability from variot

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h OpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

  • Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash.

The References section of this erratum contains a download link (you must log in to download the update)

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0075",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.14"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.11.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.45"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.4.4"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle access manager 11.1.1.7"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.12 and earlier"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.30 and earlier"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.x"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "opensuse",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle access manager 10.1.4.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "tivoli netcool system service monitors fp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.44"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.26"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "netezza platform software 7.1.0.9-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.34"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.9"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.17"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "netezza platform software 7.2.0.8-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.14"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.43"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.18"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.15"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "bm security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.19"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.27"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.36"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.2.0.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.34"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.2"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "mq appliance m2001",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.30"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "mq appliance m2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.34"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.32"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.38"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.35"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "netezza platform software 7.2.1.1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.2.1.2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.1"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.16"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.33"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.42"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.35"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.30",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.12",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.11.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.14",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.45",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.4",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guido Vranken",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2105",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2105",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90924",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2105",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2105",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-081",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90924",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h\nOpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0996-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date:        2016-05-10\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90924",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "89757",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136895",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138472",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136919",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-90924",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139167",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "id": "VAR-201605-0075",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      }
    ],
    "trust": 0.5305209371428571
  },
  "last_update_date": "2024-07-23T20:50:28.659000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "HPSBMU03691",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Avoid overflow in EVP_EncodeUpdate",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "title": "EVP_EncodeUpdate overflow (CVE-2016-2105)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "openSUSE-SU-2016:1566",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "Oracle Linux Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "title": "RHSA-2016:0722",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "title": "RHSA-2016:0996",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759 "
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "OpenSSL Fixes for integer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61406"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-189",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/89757"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.6,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.6,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21982823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982949"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983514"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983555"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985981"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987707"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10160"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.542103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89757"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "date": "2016-05-10T17:01:56",
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "date": "2016-10-18T13:58:46",
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "date": "2016-05-05T01:59:01.200000",
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "89757"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "date": "2023-11-07T02:30:55.583000",
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/evp/encode.c of  EVP_EncodeUpdate Integer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0959
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow an attacker to forge RSA signatures. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. OpenSSL Security Advisory [5th September 2006]

RSA Signature Forgery (CVE-2006-4339)

Vulnerability

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or TLS.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2006-4339 to this issue.

Recommendations

There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient.

  1. Upgrade the OpenSSL server software.

    The vulnerability is resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7k (or later);
    • in the 0.9.8 branch, version 0.9.8c (or later).

    OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

    The distribution file names are:

    o openssl-0.9.8c.tar.gz
  MD5 checksum: 78454bec556bcb4c45129428a766c886
  SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

o openssl-0.9.7k.tar.gz
  MD5 checksum: be6bba1d67b26eabb48cf1774925416f
  SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

  2. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. 

    o http://www.openssl.org/news/patch-CVE-2006-4339.txt

Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries.

Acknowledgements

The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie, of Google Security, who successfully forged various certificates, showing OpenSSL was vulnerable, and provided the patch to fix the problems.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

URL for this Security Advisory: http://www.openssl.org/news/secadv_20060905.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0959",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "reader",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "8.x"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - web edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com\u203bVicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es\u203bAlexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2012-000079",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2012-000079",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-044",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow an attacker to forge RSA signatures. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. OpenSSL Security Advisory [5th September 2006]\n\nRSA Signature Forgery (CVE-2006-4339)\n=====================================\n\nVulnerability\n-------------\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Implementations\nmay incorrectly verify the certificate if they are not checking for\nexcess data in the RSA exponentiation result of the signature. \n\nSince there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is\nused in X.509 certificates, all software that uses OpenSSL to verify\nX.509 certificates is potentially vulnerable, as well as any other use\nof PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or\nTLS. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2006-4339 to this issue. \n\nRecommendations\n---------------\n\nThere are multiple ways to avoid this vulnerability.  Any one of the\nfollowing measures is sufficient. \n\n1.  Upgrade the OpenSSL server software. \n\n    The vulnerability is resolved in the following versions of OpenSSL:\n\n     - in the 0.9.7 branch, version 0.9.7k (or later);\n     - in the 0.9.8 branch, version 0.9.8c (or later). \n\n    OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via\n    HTTP and FTP from the following master locations (you can find the\n    various FTP mirrors under http://www.openssl.org/source/mirror.html):\n\n        o http://www.openssl.org/source/\n        o ftp://ftp.openssl.org/source/\n\n    The distribution file names are:\n\n        o openssl-0.9.8c.tar.gz\n          MD5 checksum: 78454bec556bcb4c45129428a766c886\n          SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d\n\n        o openssl-0.9.7k.tar.gz\n          MD5 checksum: be6bba1d67b26eabb48cf1774925416f\n          SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2\n    \n    The checksums were calculated using the following commands:\n\n        openssl md5 openssl-0.9*.tar.gz\n        openssl sha1 openssl-0.9*.tar.gz\n\n2.  If this version upgrade is not an option at the present time,\n    alternatively the following patch may be applied to the OpenSSL\n    source code to resolve the problem.  The patch is compatible with\n    the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. \n\n        o http://www.openssl.org/news/patch-CVE-2006-4339.txt\n\nWhether you choose to upgrade to a new version or to apply the patch,\nmake sure to recompile any applications statically linked to OpenSSL\nlibraries. \n\n \nAcknowledgements\n----------------\n\nThe OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle\nand Ben Laurie, of Google Security, who successfully forged various\ncertificates, showing OpenSSL was vulnerable, and provided the patch\nto fix the problems. \n\n\nReferences\n----------\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://www.imc.org/ietf-openpgp/mail-archive/msg14307.html\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20060905.txt\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "49749",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200609-0959",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-04-04T20:39:33.547000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Adobe Reader",
        "trust": 0.8,
        "url": "http://get.adobe.com/reader/"
      },
      {
        "title": "HS07-034",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs07-034/index.html"
      },
      {
        "title": "OOo_3.2.1_Win_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3189"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3193"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3192"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3191"
      },
      {
        "title": "OOo_3.2.0_Solaris_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3195"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3190"
      },
      {
        "title": "OOo_3.2.0_MacOS_x86_install_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3194"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.2,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.8,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4339"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/patch-cve-2006-4339.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "date": "2006-09-07T08:41:36",
        "db": "PACKETSTORM",
        "id": "49749"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2014-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-000079"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  }
}

var-201711-0007
Vulnerability from variot

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7 Advisory ID: RHSA-2017:1413-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:1413 Issue date: 2017-06-07 CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 CVE-2016-8743 =====================================================================

  1. Summary:

An update is now available for Red Hat JBoss Core Services on RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64

  1. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

  • It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)

  • It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)

  • A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-8610)

  • It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

  • A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7

  1. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm

noarch: jbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm

ppc64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm

x86_64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0736 https://access.redhat.com/security/cve/CVE-2016-2161 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-7056 https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2016-8740 https://access.redhat.com/security/cve/CVE-2016-8743 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2 JFT0GtD56HPD72nOXhIXyG8= =7n2G -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

  • A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

The References section of this erratum contains a download link (you must log in to download the update).

This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update to take effect. (CVE-2016-6304)

  • It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-8610)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)

It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)

Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)

Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. (CVE-2017-3731)

It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0007",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.0"
      },
      {
        "model": "m10-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "m12-2",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "communications analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "core rdbms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18c"
      },
      {
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "e-series santricity os controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.40"
      },
      {
        "model": "communications ip service activator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.3.6.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "communications ip service activator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.0"
      },
      {
        "model": "storagegrid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "cn1610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "core rdbms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.0.4"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0.0"
      },
      {
        "model": "pan-os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.0.15"
      },
      {
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "oncommand balance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m12-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "m12-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "m12-2s",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "m10-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "m10-4",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "timesten in-memory database",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1.4.1.0"
      },
      {
        "model": "host agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m12-2s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m10-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.1"
      },
      {
        "model": "core rdbms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19c"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "6.1.17"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "core rdbms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "ontap select deploy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m12-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "goldengate application adapters",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.2.1.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "e-series santricity os controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "11.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "data ontap edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp2361"
      },
      {
        "model": "m10-4s",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3000"
      },
      {
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "m10-4s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "xcp3070"
      },
      {
        "model": "snapcenter server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "storagegrid webscale",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.4.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "pan-os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.10"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "core rdbms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "adaptive access manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.3.0"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.0.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "snapdrive",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2  to  1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "jboss core services on rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "70"
      },
      {
        "model": "jboss core services on rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.15"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.14"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.13"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.12"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.11"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.4"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.8"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl 0.9.8zh",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.4"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.3"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.8.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.6.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.6.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10.0"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.10"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.12"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.16"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.15"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.16"
      },
      {
        "model": "project openssl 1.1.0b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct for unix 4.1.0.4.ifix085",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.9.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.2.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.11"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.14"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.17"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2h",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.40",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shi Lei from Gear Team, Qihoo 360 Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-8610",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8610",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-97430",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8610",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8610",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-726",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97430",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-8610",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7\nAdvisory ID:       RHSA-2017:1413-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:1413\nIssue date:        2017-06-07\nCVE Names:         CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 \n                   CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 \n                   CVE-2016-8743 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0736\nhttps://access.redhat.com/security/cve/CVE-2016-2161\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-7056\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2016-8740\nhttps://access.redhat.com/security/cve/CVE-2016-8743\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2\nJFT0GtD56HPD72nOXhIXyG8=\n=7n2G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update\nto take effect. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-8610)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. \n===========================================================================\nUbuntu Security Notice USN-3181-1\nJanuary 31, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other\nreleases were fixed in a previous security update. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)\n\nRobert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain\ntruncated packets. (CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64 Montgomery\nsquaring procedure. This issue only applied to Ubuntu 16.04\nLTS, and Ubuntu 16.10. (CVE-2017-3732)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n  libssl1.0.0                     1.0.2g-1ubuntu9.1\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.22\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.39\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "142847"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143873"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8610",
        "trust": 4.4
      },
      {
        "db": "BID",
        "id": "93841",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1037084",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2173",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "141173",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141752",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92490",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-97430",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142848",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143874",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142847",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143176",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143873",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140850",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "142847"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143873"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "id": "VAR-201711-0007",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      }
    ],
    "trust": 0.35113123999999996
  },
  "last_update_date": "2024-07-23T21:57:50.988000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Don\u0027t\u00a0allow\u00a0too\u00a0many\u00a0consecutive\u00a0warning\u00a0alerts Red hat Red\u00a0Hat\u00a0Bugzilla",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=65089"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170286 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170574 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-3773-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031"
      },
      {
        "title": "Red Hat: CVE-2016-8610",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8610"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2017-803",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-803"
      },
      {
        "title": "Ubuntu Security Notice: gnutls26 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-2"
      },
      {
        "title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2017-815",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-815"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85"
      },
      {
        "title": "CVE-2016-8610-PoC",
        "trust": 0.1,
        "url": "https://github.com/cujanovic/cve-2016-8610-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/93841"
      },
      {
        "trust": 2.1,
        "url": "http://seclists.org/oss-sec/2016/q4/224"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2017:1413"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2017:1658"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2017:2493"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2017:2494"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1037084"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2017/dsa-3773"
      },
      {
        "trust": 1.8,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1414"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1801"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1802"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610"
      },
      {
        "trust": 1.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
      },
      {
        "trust": 1.8,
        "url": "https://security.360.cn/cve/cve-2016-8610/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://security.paloaltonetworks.com/cve-2016-8610"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
      },
      {
        "trust": 0.9,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
      },
      {
        "trust": 0.9,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/87"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2016-8610"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2173/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8740"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-8743"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-7056"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2161"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-5664"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-5647"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/3155411"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cujanovic/cve-2016-8610-poc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3183-2/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3181-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "142847"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143873"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "db": "BID",
        "id": "93841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "db": "PACKETSTORM",
        "id": "142847"
      },
      {
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "db": "PACKETSTORM",
        "id": "143873"
      },
      {
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "date": "2016-10-24T00:00:00",
        "db": "BID",
        "id": "93841"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "date": "2017-06-07T22:47:57",
        "db": "PACKETSTORM",
        "id": "142848"
      },
      {
        "date": "2017-08-22T05:29:02",
        "db": "PACKETSTORM",
        "id": "143874"
      },
      {
        "date": "2017-06-07T22:47:43",
        "db": "PACKETSTORM",
        "id": "142847"
      },
      {
        "date": "2017-06-28T22:12:00",
        "db": "PACKETSTORM",
        "id": "143176"
      },
      {
        "date": "2017-08-22T05:28:16",
        "db": "PACKETSTORM",
        "id": "143873"
      },
      {
        "date": "2017-06-28T22:37:00",
        "db": "PACKETSTORM",
        "id": "143181"
      },
      {
        "date": "2017-02-01T00:36:45",
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "date": "2016-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "date": "2017-11-13T22:29:00.203000",
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97430"
      },
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8610"
      },
      {
        "date": "2017-08-22T08:11:00",
        "db": "BID",
        "id": "93841"
      },
      {
        "date": "2024-02-27T03:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      },
      {
        "date": "2024-01-26T17:44:24.227000",
        "db": "NVD",
        "id": "CVE-2016-8610"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "140850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008860"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-726"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1273
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ASN.1 Denial of Service Attack (1/2)

 During the parsing of certain invalid ASN.1 structures an error
 condition is mishandled. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 0.9.8d >= 0.9.8d *>= 0.9.7l

Description

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1273",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8d                          \u003e= 0.9.8d\n                                                            *\u003e= 0.9.7l\n\nDescription\n===========\n\nTavis Ormandy and Will Drewry, both of the Google Security Team,\ndiscovered that the SSL_get_shared_ciphers() function contains a buffer\noverflow vulnerability, and that the SSLv2 client code contains a flaw\nleading to a crash. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200609-1273",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-06-06T20:58:26.894000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  }
}

var-201512-0482
Vulnerability from variot

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-10-27-1 Xcode 8.1

Xcode 8.1 is now available and addresses the following:

IDE Xcode Server Available for: OS X El Capitan v10.11.5 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0. CVE-2016-1669 CVE-2016-0705 CVE-2016-0797 CVE-2016-0702 CVE-2016-2086 CVE-2016-2216 CVE-2015-8027 CVE-2015-3193 CVE-2015-3194 CVE-2015-6764

Xcode 8.1 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "8.1". ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. A remote attacker could possibly use this issue to break encryption. (CVE-2015-3193)

Lo=C3=AFc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2830-1 CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBCAAGBQJYrLMnAAoJELXhAxt7SZaiF8wH/3YruymhIoADdbuMZwr+LWqo FC2sM1bBsBSOc1sUJCjMqyIlHqXhugsz2SnMqkhyVL+icWrpj7DoH0JYAOfVW8sN nJqBmv+p16bIWeNEhOouSzzvxaXgcA8YtnEKTbPqi2wzvi4slUVzN3mHFa0BbgrO qvgr2UNU1V9SFxj1VA0BkJqXrinu7YmWyIl1VeccZJQX0LI9DIkgIKcYqU88E7jC CAd/P8CBwQvj0+hfYSysab5U1I1exk0rUXcX3Wmp/56LbgT5jrGjx6O9cvFZyE5O Bi/Xlu/GDBa6pw3kZsPEH5dqohLFFA0R7ayvg7f4ggfrskWrQn8c7RgogVw2FLs= =yvIR -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. This update fixes the following security issues: BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193). X509_ATTRIBUTE memory leak (CVE-2015-3195). Race condition handling PSK identify hint (CVE-2015-3196). Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [26 Jan 2017] ========================================

Truncated packet could crash via OOB read (CVE-2017-3731)

Severity: Moderate

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.

For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d

For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k

This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team.

Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)

Severity: Moderate

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0d

This issue does not affect OpenSSL version 1.0.2.

Note that this issue was fixed prior to it being recognised as a security concern. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3.

This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

UPDATE 31 Jan 2017. The original text said For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. This is not true. DHE key re-use was removed by commit c5b831f for 1.0.2 or commit ffaef3f for 1.1.0 on 17 December 2015

Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

OpenSSL 1.1.0 users should upgrade to 1.1.0d OpenSSL 1.0.2 users should upgrade to 1.0.2k

This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Severity: Low

This issue was previously fixed in 1.1.0c and covered in security advisory https://www.openssl.org/news/secadv/20161110.txt

OpenSSL 1.0.2 users should upgrade to 1.0.2k

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20170126.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [07 Dec 2017] ========================================

Read/write after SSL object in error state (CVE-2017-3737)

Severity: Moderate

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project. OpenSSL Security Advisory [27 Mar 2018] ========================================

Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.1.1"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014111002"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090300"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.5"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B\u00f6ck",
    "sources": [
      {
        "db": "BID",
        "id": "78705"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3193",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3193",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3193",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-073",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3193",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-27-1 Xcode 8.1\n\nXcode 8.1 is now available and addresses the following:\n\nIDE Xcode Server\nAvailable for:  OS X El Capitan v10.11.5 and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in Node.js in Xcode Server. \nThese issues were addressed by updating to Node.js version 4.5.0. \nCVE-2016-1669\nCVE-2016-0705\nCVE-2016-0797\nCVE-2016-0702\nCVE-2016-2086\nCVE-2016-2216\nCVE-2015-8027\nCVE-2015-3193\nCVE-2015-3194\nCVE-2015-6764\n\nXcode 8.1 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"8.1\". ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nGuy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange\nfor an anonymous DH ciphersuite with the value of p set to 0. A remote\nattacker could possibly use this issue to cause OpenSSL to crash, resulting\nin a denial of service. A remote\nattacker could possibly use this issue to break encryption. (CVE-2015-3193)\n\nLo=C3=AFc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1\nsignatures with a missing PSS parameter. A remote attacker could possibly\nuse this issue to cause OpenSSL to crash, resulting in a denial of service. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. A remote attacker could possibly use this issue\nto cause OpenSSL to consume resources, resulting in a denial of service. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. A\nremote attacker could possibly use this issue to cause OpenSSL to crash,\nresulting in a denial of service. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2830-1\n  CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195,\n  CVE-2015-3196\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJYrLMnAAoJELXhAxt7SZaiF8wH/3YruymhIoADdbuMZwr+LWqo\nFC2sM1bBsBSOc1sUJCjMqyIlHqXhugsz2SnMqkhyVL+icWrpj7DoH0JYAOfVW8sN\nnJqBmv+p16bIWeNEhOouSzzvxaXgcA8YtnEKTbPqi2wzvi4slUVzN3mHFa0BbgrO\nqvgr2UNU1V9SFxj1VA0BkJqXrinu7YmWyIl1VeccZJQX0LI9DIkgIKcYqU88E7jC\nCAd/P8CBwQvj0+hfYSysab5U1I1exk0rUXcX3Wmp/56LbgT5jrGjx6O9cvFZyE5O\nBi/Xlu/GDBa6pw3kZsPEH5dqohLFFA0R7ayvg7f4ggfrskWrQn8c7RgogVw2FLs=\n=yvIR\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issues:\n  BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193). \n  X509_ATTRIBUTE memory leak (CVE-2015-3195). \n  Race condition handling PSK identify hint (CVE-2015-3196). \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nOpenSSL Security Advisory [26 Jan 2017]\n========================================\n\nTruncated packet could crash via OOB read (CVE-2017-3731)\n=========================================================\n\nSeverity: Moderate\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific\ncipher is being used, then a truncated packet can cause that server or client\nto perform an out-of-bounds read, usually resulting in a crash. \n\nFor OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;\nusers should upgrade to 1.1.0d\n\nFor Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have\nnot disabled that algorithm should update to 1.0.2k\n\nThis issue was reported to OpenSSL on 13th November 2016 by Robert \u015awi\u0119cki of\nGoogle. The fix was developed by Andy Polyakov of the OpenSSL development team. \n\nBad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n===========================================================\n\nSeverity: Moderate\n\nIf a malicious server supplies bad parameters for a DHE or ECDHE key exchange\nthen this can result in the client attempting to dereference a NULL pointer\nleading to a client crash. This could be exploited in a Denial of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0d\n\nThis issue does not affect OpenSSL version 1.0.2. \n\nNote that this issue was fixed prior to it being recognised as a security\nconcern. This means the git commit with the fix does not contain the CVE\nidentifier. The relevant fix commit can be identified by commit hash efbe126e3. \n\nThis issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. \n\nUPDATE 31 Jan 2017.  The original text said\n    For example this can occur by\n    default in OpenSSL DHE based SSL/TLS ciphersuites. \nThis is not true.  DHE key re-use was removed by commit c5b831f for 1.0.2\nor commit ffaef3f for 1.1.0 on 17 December 2015\n\nNote: This issue is very similar to CVE-2015-3193 but must be treated as\na separate problem. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0d\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\nThis issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. \nThe fix was developed by Andy Polyakov of the OpenSSL development team. \n\nMontgomery multiplication may produce incorrect results (CVE-2016-7055)\n=======================================================================\n\nSeverity: Low\n\nThis issue was previously fixed in 1.1.0c and covered in security advisory\nhttps://www.openssl.org/news/secadv/20161110.txt\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20170126.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \nOpenSSL Security Advisory [07 Dec 2017]\n========================================\n\nRead/write after SSL object in error state (CVE-2017-3737)\n==========================================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\"\nmechanism. The intent was that if a fatal error occurred during a handshake then\nOpenSSL would move into the error state and would immediately fail if you\nattempted to continue the handshake. This works as designed for the explicit\nhandshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),\nhowever due to a bug it does not work correctly if SSL_read() or SSL_write() is\ncalled directly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If SSL_read()/SSL_write() is\nsubsequently called by the application for the same SSL object then it will\nsucceed and the data is passed without being decrypted/encrypted directly from\nthe SSL/TLS record layer. \n\nIn order to exploit this issue an application bug would have to be present that\nresulted in a call to SSL_read()/SSL_write() being issued after having already\nreceived a fatal error. \n\nThis only affects processors that support the AVX2 but not ADX extensions\nlike Intel Haswell (4th generation). \n\nDue to the low severity of this issue we are not issuing a new release of\nOpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project. \nOpenSSL Security Advisory [27 Mar 2018]\n========================================\n\nConstructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)\n==========================================================================================\n\nSeverity: Moderate\n\nConstructed ASN.1 types with a recursive definition (such as can be found in\nPKCS7) could eventually exceed the stack given malicious input with\nexcessive recursion. There are\nno such structures used within SSL/TLS that come from untrusted sources so this\nis considered safe. \nThis allows an attacker to forge messages that would be considered as\nauthenticated in an amount of tries lower than that guaranteed by the security\nclaims of the scheme. The module can only be compiled by the HP-UX assembler, so\nthat only HP-UX PA-RISC targets are affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "78705",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.7
      },
      {
        "db": "ISC",
        "id": "AA-01438",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4325",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3193",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139380",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169626",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "id": "VAR-201512-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43503637333333334
  },
  "last_update_date": "2024-07-04T21:07:09.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL\u0027BN_mod_exp\u0027 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58935"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-37] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-37"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-36"
      },
      {
        "title": "Red Hat: CVE-2015-3193",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3193"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "bignum-fuzz",
        "trust": 0.1,
        "url": "https://github.com/hannob/bignum-fuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3193 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2017-3732 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2017-3738 "
      },
      {
        "title": "fuzzing-stuff",
        "trust": 0.1,
        "url": "https://github.com/alphaseclab/fuzzing-stuff "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.7,
        "url": "https://blog.fuzzing-project.org/31-fuzzing-math-miscalculations-in-openssls-bn_mod_exp-cve-2015-3193.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288317"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.539966"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01438"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78705"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d73cc256c8e256c32ed959456101b73ba9842f72"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106811"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4325/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982608"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/hannob/bignum-fuzz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42528"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8027"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6764"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1669"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20161110.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20180327.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0733"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78705"
      },
      {
        "date": "2016-10-28T12:22:22",
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "date": "2015-12-07T16:36:58",
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2017-01-26T12:12:12",
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "date": "2017-12-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "date": "2018-03-27T12:12:12",
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "date": "2015-12-06T20:59:02.613000",
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "78705"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "date": "2023-02-13T00:47:51.587000",
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 BN_mod_exp Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.6
  }
}

var-201201-0314
Vulnerability from variot

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03360041 Version: 1

HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-06-26 Last Updated: 2012-06-26

Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HISTORY Version:1 (rev.1) 26 June 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures:

RHEV Hypervisor for RHEL-5 - noarch

  1. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)

A double free flaw was discovered in the policy checking code in OpenSSL. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207. The security fixes included in this update address the following CVE numbers:

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs. Bugs fixed (http://bugzilla.redhat.com/):

606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g

Description

Multiple vulnerabilities have been found in OpenSSL:

  • Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
  • A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).
  • Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577).
  • Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027).
  • An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"

References

[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).

All users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.

CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.

For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The verification of md5 checksums and GPG signatures is performed automatically for you

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0314",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8r",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0e",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4619",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4619",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4619",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4619",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2012-2012    (AV:N/AC:L/Au:N/C:C/I:C/A:P)       9.7\nCVE-2012-2013    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2012-2014    (AV:N/AC:M/Au:S/C:N/I:N/A:N)       6.8\nCVE-2012-2015    (AV:N/AC:M/Au:S/C:P/I:N/A:N)       6.5\nCVE-2012-2016    (AV:L/AC:M/Au:S/C:C/I:N/A:N)       4.4\nCVE-2011-1944    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3\nCVE-2011-2821    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-2834    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2011-3379    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-3607    (AV:L/AC:M/Au:N/C:P/I:P/A:P)       4.4\nCVE-2011-4078    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4153    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4317    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2011-4415    (AV:L/AC:H/Au:N/C:N/I:N/A:P)       1.2\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4885    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0021    (AV:N/AC:H/Au:N/C:N/I:N/A:P)       2.6\nCVE-2012-0027    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0031    (AV:L/AC:L/Au:N/C:P/I:P/A:P)       4.6\nCVE-2012-0036    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-0053    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2012-0057    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\nCVE-2012-0830    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-1165    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-1823    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with  nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: March 06, 2012\n     Bugs: #397695, #399365\n       ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0g                 *\u003e= 0.9.8t\n                                                            \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n  in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* A policy check failure can result in a double-free error when\n  X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). \n* Assertion errors can occur during the handling of malformed X.509\n  certificates when OpenSSL is built with RFC 3779 support\n  (CVE-2011-4577). \n* Invalid parameters in the GOST block cipher are not properly handled\n  by the GOST ENGINE(CVE-2012-0027). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n  vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles). \n\nAll users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2012:0059-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date:        2012-01-24\nCVE Names:         CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n                   CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n.  The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack. \n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check. \n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n.  The verification\n of md5 checksums and GPG signatures is performed automatically for you",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "48528",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4619",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110482",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116825",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108700",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113582",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108735",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "id": "VAR-201201-0314",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T19:33:28.448000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120086 - security advisory"
      },
      {
        "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369"
      },
      {
        "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2012-038",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 1.4,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48528"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2390"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.2,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1357-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-e41b71e6cfbe471dbd029deaab"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1583"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-02-21T15:34:06",
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "date": "2012-03-06T23:57:33",
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "date": "2012-09-25T00:15:29",
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "date": "2012-01-24T23:58:58",
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "date": "2012-01-16T02:59:37",
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "date": "2012-06-12T22:49:22",
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "date": "2012-01-17T01:20:23",
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "date": "2012-01-06T01:55:01.003000",
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4619"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2016-08-23T02:04:40.557000",
        "db": "NVD",
        "id": "CVE-2011-4619"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      }
    ],
    "trust": 0.4
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  }
}

var-201811-0912
Vulnerability from variot

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz

Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

  1. Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.

Security Fix(es):

  • openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:0483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483 Issue date: 2019-03-12 CVE Names: CVE-2018-5407 ==================================================================== 1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Perform the RSA signature self-tests with SHA-256 (BZ#1673914)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

ppc64: openssl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

aarch64: openssl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-static-1.0.2k-16.el7_6.1.ppc.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx 6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z w7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ GncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO 4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT mXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF atGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof Gs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT kzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1 38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa qwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX t5ytPgxAFC4=jvvo -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - noarch

  1. Description:

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

  • edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)

  • edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)

  • edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)

  • edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)

  • edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)

  • edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)

  • openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

  • edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)

  • edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)

  • edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):

1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service

6. OpenSSL Security Advisory [12 November 2018]

Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)

Severity: Low

OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.

This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c.

OpenSSL 1.1.0 users should upgrade to 1.1.0i.

This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.

Note

OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0912",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2q"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.14.4"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.1.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "nessus",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.1.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.12.4"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0i"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.9.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.11.4",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.14.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2q",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.0i",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "3.12.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-5407",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-135438",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2018-5407",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-5407",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-135438",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-5407",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269  openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8  openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483  openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca  openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7  openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb  openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c  openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573  openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6  openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9  openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30  openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559  openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536  a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7  n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac  a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c  n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737) * openssl: timing side channel attack in the DSA signature\nalgorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to\nrace condition (CVE-2019-0217) * openssl: Side-channel vulnerability on\nSMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) *\nmod_session_cookie does not respect expiry time (CVE-2018-17199) *\nmod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) *\nmod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2:\nread-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2:\nlarge amount of data request leads to denial of service (CVE-2019-9511) *\nnghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers\nleads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for\nlarge response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: openssl security and bug fix update\nAdvisory ID:       RHSA-2019:0483-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0483\nIssue date:        2019-03-12\nCVE Names:         CVE-2018-5407\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx\n6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z\nw7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ\nGncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO\n4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT\nmXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF\natGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof\nGs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT\nkzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1\n38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa\nqwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX\nt5ytPgxAFC4=jvvo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - noarch\n\n3. Description:\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support\nfor Virtual Machines. This package contains a sample 64-bit UEFI firmware\nfor QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable()\nfunction (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege\nescalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names\nand invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users\n1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c\n1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c\n1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function\n1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function\n1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP\n1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n\n6. OpenSSL Security Advisory [12 November 2018]\n============================================\n\nMicroarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n===================================================================================\n\nSeverity: Low\n\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An attacker\nwith sufficient access to mount local timing attacks during ECDSA signature\ngeneration could recover the private key. \n\nThis issue does not impact OpenSSL 1.1.1 and is already fixed in the latest\nversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low\nseverity of this issue we are not creating a new release at this time. The 1.0.2\nmitigation for this issue can be found in commit b18162a7c. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0i. \n\nThis issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera\nAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\nNote\n====\n\nOpenSSL 1.1.0 is currently only receiving security updates. Support for this\nversion will end on 11th September 2019. Users of this version should upgrade to\nOpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181112.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-135438",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45785",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407",
        "trust": 2.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-17",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-16",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "105897",
        "trust": 1.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45785",
        "trust": 1.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152241",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152240",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152071",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "155415",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150138",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155413",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-279",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-135438",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150437",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155414",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155417",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153887",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169678",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "id": "VAR-201811-0912",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:03:27.882000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190483 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.4.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190651 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.3.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190652 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1"
      },
      {
        "title": "Red Hat: CVE-2018-5407",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5407"
      },
      {
        "title": "HP: HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03597"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-5407"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-7"
      },
      {
        "title": "Red Hat: Moderate: ovmf security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192125 - security advisory"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ffa91dec4581eb47b3539880d466865f"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-8"
      },
      {
        "title": "Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7cc6b04edacd67d6e5bf27bd36f54217"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=002162619f80b70121c9a8d365823283"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8aafdc7a03aa0793602eaa5ae3724cec"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=78c4a4229b60aec60d80d95cb29a4147"
      },
      {
        "title": "IBM: IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e1dbc019531cd5742827de595730d1b0"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e2e9722c1fb1c14c9f54120082381491"
      },
      {
        "title": "IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=49fff94fe759cd40f1f516a339f15743"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e4ca493bfda92c5355c98328872a84e5"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36f1dd66164e22918d817553be91620"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fda6d001f041b9b0a29d906059d798b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c7313d7a6ba5364a603c214269588feb"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddeebd7237369bd2318e4087834121a5"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-16"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-17"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3101664cb57ad9d937108c187df59ecf"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7dde8d528837d3c0eae28428fd6e703d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
      },
      {
        "title": "portsmash",
        "trust": 0.1,
        "url": "https://github.com/bbbrumley/portsmash "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      },
      {
        "title": "Firmware-Security",
        "trust": 0.1,
        "url": "https://github.com/virusbeee/firmware-security "
      },
      {
        "title": "Hardware-and-Firmware-Security-Guidance",
        "trust": 0.1,
        "url": "https://github.com/nsacyber/hardware-and-firmware-security-guidance "
      },
      {
        "title": "hardware-attacks-state-of-the-art",
        "trust": 0.1,
        "url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/105897"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/45785/"
      },
      {
        "trust": 1.3,
        "url": "https://github.com/bbbrumley/portsmash"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0483"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0651"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0652"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:2125"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3929"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3932"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3935"
      },
      {
        "trust": 1.3,
        "url": "https://usn.ubuntu.com/3840-1/"
      },
      {
        "trust": 1.2,
        "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2018-16"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2018-17"
      },
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2018/dsa-4348"
      },
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2018/dsa-4355"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201903-10"
      },
      {
        "trust": 1.2,
        "url": "https://eprint.iacr.org/2018/1060.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.2,
        "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3931"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3933"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.7,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59118"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3835"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20181112.txt"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "date": "2018-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "date": "2018-11-22T23:23:23",
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "date": "2019-03-27T00:33:09",
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "date": "2019-11-20T23:02:22",
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "date": "2019-11-20T21:11:11",
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "date": "2019-03-13T14:25:37",
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "date": "2018-12-03T21:06:37",
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "date": "2019-11-20T20:44:44",
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "date": "2019-08-06T20:47:00",
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "date": "2019-03-27T00:35:38",
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "date": "2018-11-12T12:12:12",
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "date": "2018-11-15T21:29:00.233000",
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "date": "2023-11-07T02:58:42.920000",
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Slackware Security Advisory - openssl Updates",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150437"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155415"
      }
    ],
    "trust": 0.1
  }
}

var-200110-0349
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490 Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E HACgjeWEt9Ja5qNdjhL5iwOp3JVtVic= =EvRT -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 0.9.8d >= 0.9.8d *>= 0.9.7l

Description

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.

Impact

An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0349",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E\nHACgjeWEt9Ja5qNdjhL5iwOp3JVtVic=\n=EvRT\n-----END PGP SIGNATURE-----\n. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8d                          \u003e= 0.9.8d\n                                                            *\u003e= 0.9.7l\n\nDescription\n===========\n\nTavis Ormandy and Will Drewry, both of the Google Security Team,\ndiscovered that the SSL_get_shared_ciphers() function contains a buffer\noverflow vulnerability, and that the SSLv2 client code contains a flaw\nleading to a crash. Additionally Dr. Stephen N. Henson found that the\nASN.1 handler contains two Denial of Service vulnerabilities: while\nparsing an invalid ASN.1 structure and while handling certain types of\npublic key. \n\nImpact\n======\n\nAn attacker could trigger the buffer overflow vulnerability by sending\na malicious suite of ciphers to an application using the vulnerable\nfunction, and thus execute arbitrary code with the rights of the user\nrunning the application. An attacker could also consume CPU and/or\nmemory by exploiting the Denial of Service vulnerabilities. Finally a\nmalicious server could crash a SSLv2 client through the SSLv2\nvulnerability. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      }
    ],
    "trust": 3.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200110-0349",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-07-23T20:05:55.152000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "BID",
        "id": "22083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0352
Vulnerability from variot

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. OpenSSL is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0352",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6309",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-6309",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6309",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6309",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-598",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6309",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. OpenSSL is prone to  a remote code execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the  context of the user running the affected application. Failed exploit  attempts will likely result in denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "BID",
        "id": "93177"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6309",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93177",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU99474230",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6309",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "db": "BID",
        "id": "93177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "id": "VAR-201609-0352",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-25T20:38:46.477000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "OpenSSL 1.1.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html"
      },
      {
        "title": "Fix Use After Free for large message sizes",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb"
      },
      {
        "title": "Fix Use After Free for large message sizes (CVE-2016-6309)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160926.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64376"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/"
      },
      {
        "title": "Red Hat: CVE-2016-6309",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6309"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6309"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "SEEKER_dataset",
        "trust": 0.1,
        "url": "https://github.com/sf4bin/seeker_dataset "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/khadas/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroid-r/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/yaap/external_honggfuzz "
      },
      {
        "title": "articles",
        "trust": 0.1,
        "url": "https://github.com/xinali/articles "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/dennissimos/platform_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/r3p3r/nixawk-honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard-android/rockchip-android-external-honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/jingpad-bsp/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkeredger-android/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/bananadroid/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/wave-project/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/imbaya2466/honggfuzz_read "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/thexperienceproject/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/forklineageos/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/statixos/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/aosp10-public/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroidandroid/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard2-android/external-honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/corvus-r/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/caf-extended/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp-platina/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/havocr/external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tomoms/android_external_honggfuzz "
      },
      {
        "title": "Honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/ep-infosec/50_google_honggfuzz "
      },
      {
        "title": "Honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/lllnx/lllnx "
      },
      {
        "title": "Honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/google/honggfuzz "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv/20160926.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/93177"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6309"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99474230/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6309"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49041"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/xinali/articles"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "db": "BID",
        "id": "93177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "db": "BID",
        "id": "93177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "BID",
        "id": "93177"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "date": "2016-09-26T19:59:06.393000",
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6309"
      },
      {
        "date": "2017-05-02T00:06:00",
        "db": "BID",
        "id": "93177"
      },
      {
        "date": "2016-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      },
      {
        "date": "2023-11-07T02:33:57.517000",
        "db": "NVD",
        "id": "CVE-2016-6309"
      },
      {
        "date": "2019-02-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  statem/statem.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004995"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-598"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0481
Vulnerability from variot

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] openssl (SSA:2016-270-01)

New openssl packages are available for Slackware 14.2 and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Missing CRL sanity check (CVE-2016-7052) For more information, see: https://www.openssl.org/news/secadv/20160926.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052 ( Security fix ) patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.2 packages: cf3e90f91b35ee96f5a900e5f2ec8fd5 openssl-1.0.2j-i586-1_slack14.2.txz 31cc46351fdd4c487f75abdbfcd696e7 openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 333fd278752b5f04a805aeabd77f28c4 openssl-1.0.2j-x86_64-1_slack14.2.txz 6b25daf23b1cfc59351308b9c11e830a openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Slackware -current packages: 98337bdfe00f04be784953fee5c023ca a/openssl-solibs-1.0.2j-i586-1.txz 3cd05a7ed655e7f51f652a31b9b908e7 n/openssl-1.0.2j-i586-1.txz

Slackware x86_64 -current packages: 6907d9a091ace959d8f04aa92cd7e5f6 a/openssl-solibs-1.0.2j-x86_64-1.txz 4017d82d5c4c370ab6850a5d623d321a n/openssl-1.0.2j-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlfpZcsACgkQakRjwEAQIjPMMACbB1R3zcPgLf11KPr1jtmRE7PN BvgAnjd81wwT0k1DTOieELSStonzadsk =AuZJ -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0481",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.7.0"
      },
      {
        "model": "suse linux enterprise module for web scripting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "linux enterprise module for web scripting",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.2j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-7052",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7052",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7052",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7052",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-599",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-7052",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  openssl (SSA:2016-270-01)\n\nNew openssl packages are available for Slackware 14.2 and -current to\nfix a security issue. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2j-i586-1_slack14.2.txz:  Upgraded. \n  This update fixes a security issue:\n  Missing CRL sanity check (CVE-2016-7052)\n  For more information, see:\n    https://www.openssl.org/news/secadv/20160926.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\ncf3e90f91b35ee96f5a900e5f2ec8fd5  openssl-1.0.2j-i586-1_slack14.2.txz\n31cc46351fdd4c487f75abdbfcd696e7  openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n333fd278752b5f04a805aeabd77f28c4  openssl-1.0.2j-x86_64-1_slack14.2.txz\n6b25daf23b1cfc59351308b9c11e830a  openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n98337bdfe00f04be784953fee5c023ca  a/openssl-solibs-1.0.2j-i586-1.txz\n3cd05a7ed655e7f51f652a31b9b908e7  n/openssl-1.0.2j-i586-1.txz\n\nSlackware x86_64 -current packages:\n6907d9a091ace959d8f04aa92cd7e5f6  a/openssl-solibs-1.0.2j-x86_64-1.txz\n4017d82d5c4c370ab6850a5d623d321a  n/openssl-1.0.2j-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlfpZcsACgkQakRjwEAQIjPMMACbB1R3zcPgLf11KPr1jtmRE7PN\nBvgAnjd81wwT0k1DTOieELSStonzadsk\n=AuZJ\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "BID",
        "id": "93171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138863"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7052",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "93171",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-19",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10171",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU99474230",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-7052",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138863",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "BID",
        "id": "93171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "id": "VAR-201609-0481",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T11:18:09.171000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Add some sanity checks when checking CRL scores",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
      },
      {
        "title": "Missing CRL sanity check (CVE-2016-7052)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160926.txt"
      },
      {
        "title": "SUSE-SU-2016:2470",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64377"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-28] lib32-openssl: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-28"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-30] openssl: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-30"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-7052"
      },
      {
        "title": "Red Hat: CVE-2016-7052",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-7052"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Tenable Security Advisories: [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-19"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-7052 "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv/20160926.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/93171"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-19"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:27.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7052"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99474230/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7052"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "BID",
        "id": "93171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "db": "BID",
        "id": "93171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "BID",
        "id": "93171"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-09-26T23:23:00",
        "db": "PACKETSTORM",
        "id": "138863"
      },
      {
        "date": "2016-09-26T19:59:07.533000",
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-7052"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "93171"
      },
      {
        "date": "2016-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      },
      {
        "date": "2023-11-07T02:34:13.277000",
        "db": "NVD",
        "id": "CVE-2016-7052"
      },
      {
        "date": "2022-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/x509/x509_vfy.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004996"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-599"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0353
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0353",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.76
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0353",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-03-27T19:24:31.614000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0185
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:207 http://www.mandriva.com/security/

Package : bind Date : November 14, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3.

You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445

Updated Packages:

Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE-----

. ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: OpenOffice.org 2 Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38567

VERIFY ADVISORY: http://secunia.com/advisories/38567/

DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.

For more information: SA38568

SOLUTION: Upgrade to version 3.2.

ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html

OTHER REFERENCES: SA38568: http://secunia.com/advisories/38568/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0185",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Bleichenbacher reported this issue to the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:207\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : bind\n Date    : November 14, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n The BIND DNS server is vulnerable to the recently-discovered OpenSSL\n RSA signature verification problem (CVE-2006-4339).  BIND uses RSA\n cryptography as part of its DNSSEC implementation.  As a result, to\n resolve the security issue, these packages need to be upgraded and for\n both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to\n be generated using the \"-e\" option of dnssec-keygen, if the current\n keys were generated using the default exponent of 3. \n\n You are able to determine if your keys are vulnerable by looking at the\n algorithm (1 or 5) and the first three characters of the Base64 encoded\n RSA key.  RSAMD5 (1) and RSASHA1 (5) keys that start with \"AQM\", \"AQN\",\n \"AQO\", or \"AQP\" are vulnerable. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 1035f92172986ed63ca035de0603a0fd  2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm\n 4f5949d85f13c68220f4f5f030f63849  2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm\n f201e05548b673268038e95225451085  2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 83b6c31bef9e4df229e2fe5cf8c3aa2a  2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm\n fb03e9a493645041816c206267a052f4  2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm\n f54babadfba3ec593563724208df1eaa  2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 6c282a7b5c3cfec534e2557926005bbf  2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm\n 03390448f140777d62cdd76e50361526  2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm\n 7546dc98ff5e8061636a3a75d6b318fb  2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n c190d522505a16aa97891f525e0034a4  2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm\n 594cacdac86db81b0c62a7380c6a3a2d  2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm\n e827e65717615868896e43bcb4856f2d  2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n fa096b2fac1840797e382ba61728d47e  corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm\n 0f1e56f1f3a2689443c04b52d8ce5545  corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm\n 99bf1f4127e97b8941b597aa5e19aa0a  corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n e74bea44aee406d11c87227584790c26  corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm\n b108edf227b55f3af3ab55b48c23a62a  corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm\n ba548cbba992f479ad40ecf0808f36cb  corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 4.0:\n 8bfc97510d4f07568d64c9b9872b4bba  corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm\n dda709703f8bf05f1ff59ae6132a81a7  corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm\n daf59d23abaaaf62c990d2fa1155688c  corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 3d1bbe1e7d4f2de6e546996e181a16b0  corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm\n c1b8467d62623ef5daf35a696ab2389e  corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm\n 83cf57110f107c450aaac5931ee52ecb  corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n abd228e7f0b762ae8c11c8ecd90200c2  mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm\n dd7b0785e31880a09d10957695c0552d  mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm\n 0a2052e5f263b8b8d94111a581928c57  mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm \n eff2c78779b4285783ffea14e6e33c31  mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z\n6faoicEmIFqGW4QuEVIhCbU=\n=bI0u\n-----END PGP SIGNATURE-----\n\n. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org 2 Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38567\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38567/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to bypass certain security\nrestrictions, conduct spoofing attacks, or compromise a user\u0027s\nsystem. \n\nFor more information:\nSA38568\n\nSOLUTION:\nUpgrade to version 3.2. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2006-4339.html\nhttp://www.openoffice.org/security/cves/CVE-2009-0217.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2949.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2950.html\nhttp://www.openoffice.org/security/cves/CVE-2009-3301-3302.html\n\nOTHER REFERENCES:\nSA38568:\nhttp://secunia.com/advisories/38568/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "52186",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86234",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200110-0185",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-06-08T22:21:36.650000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.4,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-0217.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38568/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-3301-3302.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2950.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2949.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38567/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2006-11-16T16:32:32",
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "date": "2010-02-12T13:01:15",
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  }
}

var-200303-0010
Vulnerability from variot

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "4.04"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "4.03"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "4.02"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "4.01"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "3.22"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "3.21"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "3.19"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "3.18"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "stunnel",
        "version": "3.20"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "stunnel",
        "version": "4.0"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.17"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.16"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.15"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.14"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.13"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.12"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.11"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.9"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.8"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.7"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stunnel",
        "version": "3.10"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openpkg",
        "version": "1.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openpkg",
        "version": "1.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openpkg",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "covalent",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "crypto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "foundry",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fressh",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnu libgcrypt",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnu tls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sorceror linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stunnel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "the sco group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cryptlib",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "esoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mod ssl",
        "version": null
      },
      {
        "model": "http server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.44"
      },
      {
        "model": "openssh",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openbsd",
        "version": "3.5"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.4"
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "2.6 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "2.6 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "4.0.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "4.0.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "4.0.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "4.0.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.8"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.7"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.6"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.0"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "2.4"
      },
      {
        "model": "cobalt raq xtr",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "cobalt raq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "550"
      },
      {
        "model": "cobalt raq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4"
      },
      {
        "model": "cobalt qube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "4.00"
      },
      {
        "model": "communications security ipsec express toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "communications security certificate/tls toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "mgetty-sendfax-1.1.14-8.i386.rpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "mod ssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mod ssl",
        "version": "2.8.14"
      },
      {
        "model": "igateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "3.2"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.5"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.4"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.3"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.2"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.1"
      },
      {
        "model": "transport layer security library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.8.0"
      },
      {
        "model": "libgcrypt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.1.12"
      },
      {
        "model": "libgcrypt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.1.11"
      },
      {
        "model": "libgcrypt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.1.10"
      },
      {
        "model": "libgcrypt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.1.9"
      },
      {
        "model": "libgcrypt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.1.8"
      },
      {
        "model": "networks ironview",
        "scope": null,
        "trust": 0.3,
        "vendor": "foundry",
        "version": null
      },
      {
        "model": "big-ip blade controller ptf-01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2.3"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "crypto++ library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "crypto",
        "version": "5.0"
      },
      {
        "model": "crypto++ library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "crypto",
        "version": "4.2"
      },
      {
        "model": "fast start server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "3.3"
      },
      {
        "model": "fast start server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "3.2"
      },
      {
        "model": "fast start server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "3.1"
      },
      {
        "model": "enterprise ready server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "2.3"
      },
      {
        "model": "enterprise ready server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "2.2"
      },
      {
        "model": "enterprise ready server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "covalent",
        "version": "2.1"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "tru64 b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64 a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.1"
      },
      {
        "model": "tru64 a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "5.0"
      },
      {
        "model": "tru64 g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "4.0"
      },
      {
        "model": "tru64 f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "4.0"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.3"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.3"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2.1"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2-2"
      },
      {
        "model": "openvms -1h2 alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms -1h1 alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1-2"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "7.1"
      },
      {
        "model": "openvms vax",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "compaq",
        "version": "6.2"
      },
      {
        "model": "securecrt",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "4.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "3.6.1"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0.07.01"
      },
      {
        "model": "crypto++ library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "crypto",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Brumley and Dan Boneh.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0147",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2003-0147",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0147",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#997481",
            "trust": 0.8,
            "value": "9.42"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200303-116",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys.  Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server\u0027s private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA  private key of a target server.  The attack involves analysis of the timing of certain operations during client-server session key negotiation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "BID",
        "id": "7101"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0147",
        "trust": 2.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#997481",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "7101",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "id": "VAR-200303-0010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4615448
  },
  "last_update_date": "2023-12-18T13:10:54.856000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apache.org/"
      },
      {
        "title": "HPSBUX00280",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00954663"
      },
      {
        "title": "HPSBUX0304-255",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255"
      },
      {
        "title": "HPSBUX0309-280",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0309-280.html"
      },
      {
        "title": "HPSBUX0304-255",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html"
      },
      {
        "title": "secadv_20030317",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030317.txt"
      },
      {
        "title": "RHSA-2003:205",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-205.html"
      },
      {
        "title": "RHSA-2003:102",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-102.html"
      },
      {
        "title": "RHSA-2003:101",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-101.html"
      },
      {
        "title": "56380",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1"
      },
      {
        "title": "56380",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3"
      },
      {
        "title": "4 Apache \u0026amp; SSL Security 2.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "XTR Apache \u0026amp; SSL Security 1.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "550 Apache \u0026amp; SSL Security 0.0.1",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
      },
      {
        "title": "TLSA-2003-22",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "RHSA-2003:205",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-205j.html"
      },
      {
        "title": "RHSA-2003:102",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-102j.html"
      },
      {
        "title": "RHSA-2003:101",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html"
      },
      {
        "title": "TLSA-2003-22",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20030317.txt"
      },
      {
        "trust": 1.1,
        "url": "http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
      },
      {
        "trust": 1.0,
        "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
      },
      {
        "trust": 1.0,
        "url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2003/dsa-288"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.kb.cert.org/vuls/id/997481"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466"
      },
      {
        "trust": 0.8,
        "url": "http://ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.cryptography.com/resources/whitepapers/timingattacks.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.bell-labs.com/user/bleichen/papers/chosen.ps"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf"
      },
      {
        "trust": 0.8,
        "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://islab.oregonstate.edu/documents/people/blaze/quantize.shar"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147"
      },
      {
        "trust": 0.8,
        "url": "http://www.securiteam.com/unixfocus/5fp0c209fe.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/7101"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.eskimo.com/~weidai/cryptlib.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata31.html#kadmin"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata32.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/ip/deploy/ias/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.covalent.net/support/rotate.php?page=109"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315884"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315904"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315292"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/315069"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-03-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "date": "2003-03-14T00:00:00",
        "db": "BID",
        "id": "7101"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "date": "2003-03-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "date": "2003-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#997481"
      },
      {
        "date": "2009-07-11T21:06:00",
        "db": "BID",
        "id": "7101"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000098"
      },
      {
        "date": "2018-10-19T15:29:26.540000",
        "db": "NVD",
        "id": "CVE-2003-0147"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Configuration Error",
    "sources": [
      {
        "db": "BID",
        "id": "7101"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-116"
      }
    ],
    "trust": 0.9
  }
}

var-201506-0496
Vulnerability from variot

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. OpenSSL is prone to a race-condition security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04760669

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04760669 Version: 1

HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2 L90AnAgGXxSCZgBVzDQCAezbHbrHPwtg =74KM -----END PGP SIGNATURE----- .

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

References:

  • CVE-2014-8176 - Remote Denial of Service (DoS)
  • CVE-2015-1788 - Remote Denial of Service (DoS)
  • CVE-2015-1789 - Remote Denial of Service (DoS)
  • CVE-2015-1790 - Remote Denial of Service (DoS)
  • CVE-2015-1791 - Remote Denial of Service (DoS)
  • CVE-2015-1792 - Remote Denial of Service (DoS)
  • CVE-2015-1793 - Remote Unauthorized Access
  • PSRT110158, SSRT102264

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Please refer to the RESOLUTION below for a list of impacted products.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P01
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P01
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1809P11
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P17
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1516
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P14
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2-48 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG315A HP 3100-48 v2 Switch
    • JG315B HP 3100-48 v2 Switch
  • HP870 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P46
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P46
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P46
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: R3181P07
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: R3811P05
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: R3820P06
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC165A) HP 6600 RPE-X1 Router Module
    • JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC176A) HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1111
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1109
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1516
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1108
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7376
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7170
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1138P01
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0321P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2138P01
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 5700 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7170
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

  • iMC Plat - Version: iMC Plat 7.1 E0303P16
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
    • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
    • JG659AAE HP IMC Smart Connect VAE E-LTU
    • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
    • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • iMC NSM - Version: iMC WSM 7.1 E0303P10
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.18
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "8.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.2"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "qradar siem mr2 patch ifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.110"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.41"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.62"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2015-1791",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1791",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1791",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-247",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1791",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. OpenSSL is prone to a race-condition security vulnerability. \nThe impact of this issue is currently unknown. We will update this BID when more information emerges. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04760669\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04760669\nVersion: 1\n\nHPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2\nL90AnAgGXxSCZgBVzDQCAezbHbrHPwtg\n=74KM\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\nand Transport Layer Security as well as a general purpose cryptography\nlibrary. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nReferences:\n\n  - CVE-2014-8176 - Remote Denial of Service (DoS)\n  - CVE-2015-1788 - Remote Denial of Service (DoS)\n  - CVE-2015-1789 - Remote Denial of Service (DoS)\n  - CVE-2015-1790 - Remote Denial of Service (DoS)\n  - CVE-2015-1791 - Remote Denial of Service (DoS)\n  - CVE-2015-1792 - Remote Denial of Service (DoS)\n  - CVE-2015-1793 - Remote Unauthorized Access\n  - PSRT110158, SSRT102264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "75161",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032479",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "id": "VAR-201506-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T19:41:24.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Fix race condition in NewSessionTicket",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1791",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1791"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/no-25-miner/vulseeker-master "
      },
      {
        "title": "FirmKit",
        "trust": 0.1,
        "url": "https://github.com/syssec-kaist/firmkit "
      },
      {
        "title": "BinSeeker",
        "trust": 0.1,
        "url": "https://github.com/buptssegj/binseeker "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/75161"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032479"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1791"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/no-25-miner/vulseeker-master"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/syssec-kaist/firmkit"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75161"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "date": "2015-06-12T19:59:04.397000",
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "date": "2017-05-23T16:28:00",
        "db": "BID",
        "id": "75161"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "date": "2022-12-13T12:15:15.400000",
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/s3_clnt.c of  ssl3_get_new_session_ticket Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3649
Vulnerability from variot

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.2 packages: 1d03d7f59dece41b97104cbe8341b812 openssl-1.0.2k-i586-1_slack14.2.txz c5e689d9ac1c1675c5059b8e7cd42594 openssl-solibs-1.0.2k-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 5e075d516ab7ccc1ef14f430e599bdef openssl-1.0.2k-x86_64-1_slack14.2.txz 110479b47a4208bcdb43fee59b9f06ca openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz

Slackware -current packages: 8eca7a113cf58688dc6203c4091fd0ac a/openssl-solibs-1.0.2k-i586-1.txz 1ee03441f6409e48dda42c006ae5a7ad n/openssl-1.0.2k-i586-1.txz

Slackware x86_64 -current packages: 51ed87062d6898bd50705b2c2abc2c68 a/openssl-solibs-1.0.2k-x86_64-1.txz d9e56ff59fd7aa5791bf6809ccea0f92 n/openssl-1.0.2k-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158061 Version: 1

MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-05-09 Last Updated: 2018-05-09

Potential Security Impact: Remote: Disclosure of Information

Source: Micro Focus, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information.

References:

  • CVE-2017-3731
  • CVE-2017-3732

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35, v9.40, v9.41, v9.50, v9.51

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

RESOLUTION

MicroFocus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

For versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6:

SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00916

SM 9.35 HP Itanium Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00917

SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00918

SM 9.35 Linux Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00919

SM 9.35 Solaris Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00920

SM 9.35 Windows Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00921

For version 9.40, 9.41 please upgrade to SM 9.41.P6:

SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00891

Service Manager 9.41.6000 p6 - Server for HP-UX/IA http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00892

Service Manager 9.41.6000 p6 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00893

Service Manager 9.41.6000 p6 - Server for Solaris http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00894

Service Manager 9.41.6000 p6 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00895

For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:

SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00906

Service Manager 9.52.2021 p2 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00907

HISTORY Version:1 (rev.1) - 9 May 2018 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com.

Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com

Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability

Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.

3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software

System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2017 EntIT Software LLC

Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Gentoo Linux Security Advisory GLSA 201702-07

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2k >= 1.0.2k

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k"

References

[ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201702-07

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9--

. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

This release upgrades OpenSSL to version 1.0.2.n

Security Fix(es):

  • openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)

  • openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)

  • openssl: certificate message OOB reads (CVE-2016-6306)

  • openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)

  • openssl: Truncated packet could crash via OOB read (CVE-2017-3731)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • openssl: Read/write after SSL object in error state (CVE-2017-3737)

  • openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-17:02.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2017-02-23 Affects: All supported versions of FreeBSD. Corrected: 2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE) 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE) 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16) CVE Name: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. [CVE-2017-3732]

Montgomery multiplication may produce incorrect results. [CVE-2016-7055]

III. Impact

A remote attacker may trigger a crash on servers or clients that supported RC4-MD5. [CVE-2017-3732, CVE-2016-7055]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 11.0]

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc

gpg --verify openssl-11.patch.asc

[FreeBSD 10.3]

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/10/ r312863 releng/10.3/ r314125 stable/11/ r312826 releng/11.0/ r314126

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.18 (FreeBSD)

iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOsACgkQ7Wfs1l3P aufZHhAAy8U5oOrLGq0XH8Dumpkyc+bFOmsEh+S1hL6jFL13jUVpDqogZ3w/a7If Hcqiyipx5dbcGbHJayokfimkxPcIYydYQK9NwWaXVlnZifvgWka+KxtcD0u2A8S5 cpTbNl+CALQQqEF3+JmOc4Uq2Dtui0xFG1N5Og4oF5Uo+lvQh4bcJ1UbfhMdq8EG US3hGlJLJJW75m3jkgHyu0o7A0swnNTUQrW9Z0p/3iTiel7fM57d/N1who+kt59V UErXTzMDBT1kkWRne0aTA71gdy3SUeRiVi9/LWggjIRJNyMnQjO3UI2UOIHLLQAG CXcZLPekB87iHZxMAw8oV6b4GIkJhqUFW2ep2AZkUdDZ2Mup9bDrx/0Ik0jHjyQY KEmZDroHvP8z569q+aWfIIpMXPv6zJTnent45U2/q13wMHJwWsADu9ukeWKTw7wI P0Rc3vht+AXbXFi9SjxwdldgrVszV7x8Yi6W9KhHsGqCl6NBCW9Md/PWbNQQUVkq I5tV0WB3pTwOk0yMi3h/okM9VBr1lPDU18W0he5T9wbOh4w0jwFb8AqMu1slst3l 9MlhRfO/4LIDlfRQ/dj4dOfVLZqEd/xleax99yFXZUzibUYrOMlBxNaKvV80plwB Kg2Hr3DJuJa3599kNgXMCNV1lRIOJbJ9dRmX6B0YzMgvxKPIXY4= =8Jsr -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2575-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2575 Issue date: 2018-08-28 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ==================================================================== 1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

  1. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es):

  • IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • IBM JDK: DoS in the java.math component (CVE-2018-1517)

  • IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

  • OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

  • OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):

1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component

  1. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm

s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

OpenSSL 1.1.0 users should upgrade to 1.1.0g OpenSSL 1.0.2 users should upgrade to 1.0.2m

This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Severity: Low

This issue was previously announced in security advisory https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously been included in a release due to its low severity.

OpenSSL 1.1.0 users should upgrade to 1.1.0g OpenSSL 1.0.2 users should upgrade to 1.0.2m

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20171102.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3649",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "7.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "7.5.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.7.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.5"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager web console"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support starter edition"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - operations director"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "systemdirector enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions"
      },
      {
        "model": "job management partner 1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation"
      },
      {
        "model": "job management partner 1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg all versions"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager"
      },
      {
        "model": "jp1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "job management partner 1/performance management - web console",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "job management partner 1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - manager"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base(64)"
      },
      {
        "model": "job management partner 1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support advanced edition"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "it operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition"
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - manager"
      },
      {
        "model": "job management partner 1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager web console"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "webotx portal",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support advanced edition"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.12.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.0",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.9.5",
                "versionStartIncluding": "6.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.7.3",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vulnerability is caused by OpenSSL Official website disclosure.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-3732",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3732",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3732",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3732",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-216",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3732",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2k-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n1d03d7f59dece41b97104cbe8341b812  openssl-1.0.2k-i586-1_slack14.2.txz\nc5e689d9ac1c1675c5059b8e7cd42594  openssl-solibs-1.0.2k-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n5e075d516ab7ccc1ef14f430e599bdef  openssl-1.0.2k-x86_64-1_slack14.2.txz\n110479b47a4208bcdb43fee59b9f06ca  openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n8eca7a113cf58688dc6203c4091fd0ac  a/openssl-solibs-1.0.2k-i586-1.txz\n1ee03441f6409e48dda42c006ae5a7ad  n/openssl-1.0.2k-i586-1.txz\n\nSlackware x86_64 -current packages:\n51ed87062d6898bd50705b2c2abc2c68  a/openssl-solibs-1.0.2k-x86_64-1.txz\nd9e56ff59fd7aa5791bf6809ccea0f92  n/openssl-1.0.2k-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03158061\nVersion: 1\n\nMFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-05-09\nLast Updated: 2018-05-09\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Service Manager. \nThese vulnerabilities have been identified in the OpenSSL open source library\ncomponent and may be exploited to cause disruption of service and\nunauthorized disclosure of information. \n\nReferences:\n\n  - CVE-2017-3731\n  - CVE-2017-3732\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,\nv9.40, v9.41, v9.50, v9.51\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicroFocus has made the following mitigation information available to resolve\nthe vulnerability for the impacted versions of Service Manager:\n\nFor versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6:\n\nSM9.35 P6 packages,\nSM 9.35 AIX Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00916\u003e\n\nSM 9.35 HP Itanium Server  9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00917\u003e\n\nSM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00918\u003e\n\nSM 9.35 Linux Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00919\u003e\n\nSM 9.35 Solaris Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00920\u003e\n\nSM 9.35 Windows Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00921\u003e\n\n\nFor version 9.40, 9.41 please upgrade to SM 9.41.P6:\n\nSM9.41.P6 packages,\nService Manager 9.41.6000 p6 - Server for AIX\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00891\u003e\n\nService Manager 9.41.6000 p6 - Server for HP-UX/IA\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00892\u003e\n\nService Manager 9.41.6000 p6 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00893\u003e\n\nService Manager 9.41.6000 p6 - Server for Solaris\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00894\u003e\n\nService Manager 9.41.6000 p6 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00895\u003e\n\n\nFor version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:\n\nSM9.52.P2 packages,\nService Manager 9.52.2021 p2 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00906\u003e\n\nService Manager 9.52.2021 p2 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00907\u003e\n\nHISTORY\nVersion:1 (rev.1) - 9 May 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to  cyber-psrt@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n  Web form: https://www.microfocus.com/support-and-services/report-security\n  Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email,  please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus  disclaims  all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright 2017 EntIT Software LLC\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201702-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: February 14, 2017\n     Bugs: #607318\n       ID: 201702-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmight allow attackers to access sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2k                  \u003e= 1.0.2k\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker is able to crash applications linked against OpenSSL\nor could obtain sensitive private-key information via an attack against\nthe Diffie-Hellman (DH) ciphersuite. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2k\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-7055\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055\n[ 2 ] CVE-2017-3730\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730\n[ 3 ] CVE-2017-3731\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731\n[ 4 ] CVE-2017-3732\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201702-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9--\n\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. \n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n*  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n(CVE-2016-2182)\n\n*  openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n*  openssl: certificate message OOB reads (CVE-2016-6306)\n\n*  openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n*  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n*  openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n*  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n*  openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n*  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state\n1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:02.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2017-02-23\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)\n                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)\n                2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)\n                2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)\nCVE Name:       CVE-2016-7055, CVE-2017-3731, CVE-2017-3732\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific\ncipher is being used, then a truncated packet can cause that server or\nclient to perform an out-of-bounds read, usually resulting in a crash. [CVE-2017-3732]\n\nMontgomery multiplication may produce incorrect results. [CVE-2016-7055]\n\nIII. Impact\n\nA remote attacker may trigger a crash on servers or clients that supported\nRC4-MD5. [CVE-2017-3732,\nCVE-2016-7055]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0]\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc\n# gpg --verify openssl-11.patch.asc\n\n[FreeBSD 10.3]\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r312863\nreleng/10.3/                                                      r314125\nstable/11/                                                        r312826\nreleng/11.0/                                                      r314126\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732\u003e\n\n\u003cURL:https://www.openssl.org/news/secadv/20170126.txt\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.18 (FreeBSD)\n\niQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujOsACgkQ7Wfs1l3P\naufZHhAAy8U5oOrLGq0XH8Dumpkyc+bFOmsEh+S1hL6jFL13jUVpDqogZ3w/a7If\nHcqiyipx5dbcGbHJayokfimkxPcIYydYQK9NwWaXVlnZifvgWka+KxtcD0u2A8S5\ncpTbNl+CALQQqEF3+JmOc4Uq2Dtui0xFG1N5Og4oF5Uo+lvQh4bcJ1UbfhMdq8EG\nUS3hGlJLJJW75m3jkgHyu0o7A0swnNTUQrW9Z0p/3iTiel7fM57d/N1who+kt59V\nUErXTzMDBT1kkWRne0aTA71gdy3SUeRiVi9/LWggjIRJNyMnQjO3UI2UOIHLLQAG\nCXcZLPekB87iHZxMAw8oV6b4GIkJhqUFW2ep2AZkUdDZ2Mup9bDrx/0Ik0jHjyQY\nKEmZDroHvP8z569q+aWfIIpMXPv6zJTnent45U2/q13wMHJwWsADu9ukeWKTw7wI\nP0Rc3vht+AXbXFi9SjxwdldgrVszV7x8Yi6W9KhHsGqCl6NBCW9Md/PWbNQQUVkq\nI5tV0WB3pTwOk0yMi3h/okM9VBr1lPDU18W0he5T9wbOh4w0jwFb8AqMu1slst3l\n9MlhRfO/4LIDlfRQ/dj4dOfVLZqEd/xleax99yFXZUzibUYrOMlBxNaKvV80plwB\nKg2Hr3DJuJa3599kNgXMCNV1lRIOJbJ9dRmX6B0YzMgvxKPIXY4=\n=8Jsr\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: java-1.8.0-ibm security update\nAdvisory ID:       RHSA-2018:2575-01\nProduct:           Red Hat Enterprise Linux Supplementary\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2575\nIssue date:        2018-08-28\nCVE Names:         CVE-2016-0705 CVE-2017-3732 CVE-2017-3736\n                   CVE-2018-1517 CVE-2018-1656 CVE-2018-2940\n                   CVE-2018-2952 CVE-2018-2973 CVE-2018-12539\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP20. \n\nSecurity Fix(es):\n\n* IBM JDK: privilege escalation via insufficiently restricted access to\nAttach API (CVE-2018-12539)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* IBM JDK: DoS in the java.math component (CVE-2018-1517)\n\n* IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n(CVE-2018-1656)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (Libraries) (CVE-2018-2940)\n\n* OpenJDK: insufficient index validation in PatternSyntaxException\ngetMessage() (Concurrency, 8199547) (CVE-2018-2952)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (JSSE) (CVE-2018-2973)\n\n* OpenSSL: Double-free in DSA code (CVE-2016-0705)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the\noriginal reporter of CVE-2016-0705. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)\n1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)\n1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)\n1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API\n1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nppc64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm\n\ns390x:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0705\nhttps://access.redhat.com/security/cve/CVE-2017-3732\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2018-1517\nhttps://access.redhat.com/security/cve/CVE-2018-1656\nhttps://access.redhat.com/security/cve/CVE-2018-2940\nhttps://access.redhat.com/security/cve/CVE-2018-2952\nhttps://access.redhat.com/security/cve/CVE-2018-2973\nhttps://access.redhat.com/security/cve/CVE-2018-12539\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\nThis only affects processors that support the BMI1, BMI2 and ADX extensions like\nIntel Broadwell (5th generation) and later or AMD Ryzen. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0g\nOpenSSL 1.0.2 users should upgrade to 1.0.2m\n\nThis issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project. \nThe fix was developed by Andy Polyakov of the OpenSSL development team. \n\nMalformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)\n====================================================================\n\nSeverity: Low\n\nThis issue was previously announced in security advisory\nhttps://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously\nbeen included in a release due to its low severity. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0g\nOpenSSL 1.0.2 users should upgrade to 1.0.2m\n\n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20171102.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732",
        "trust": 3.3
      },
      {
        "db": "SECTRACK",
        "id": "1037717",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "95814",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-04",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92830136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4325",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0258.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1613",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0733",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3732",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141025",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141255",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149130",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169631",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "id": "VAR-201705-3649",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.206875005
  },
  "last_update_date": "2024-06-14T20:46:02.785000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2018-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html"
      },
      {
        "title": "hitachi-sec-2017-115",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html"
      },
      {
        "title": "NV17-011",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-011.html"
      },
      {
        "title": "BN_mod_exp may produce incorrect results on x86_64",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "title": "hitachi-sec-2018-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html"
      },
      {
        "title": "hitachi-sec-2017-115",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html"
      },
      {
        "title": "OpenSSL Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67520"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/01/31/openssl_patches/"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182575 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182713 - security advisory"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182568 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2017-3732",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3732"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3732"
      },
      {
        "title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=030cb7ac9266aec85453c1d2339fbc00"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-37] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-37"
      },
      {
        "title": "Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=1181e052a6a83786d4182d45ddb56d5d"
      },
      {
        "title": "Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=117bc0d26e74d755d85acf15af842eaf"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-36"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d9ab13c871ea2142681c7977b25c5ff"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2018 \u2013 Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=af4ddb95056d65a4af347aec0f652f0e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170130-openssl"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=62ef85c9034c17315b7d0a712483c5ea"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=03b0267d78cd8ac1bbb43afc737474f0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=63bbfc68418161b36080acd59a541d45"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=42a34f9348fc5f34065c6d25764eb2a2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Security fixes from the July 2017 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=adc1e0c986afd5f2f3b0797ba936d072"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=16a227df38f44014c9520f3b6cb5344e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
      },
      {
        "title": "Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-04"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dd8c9d5928cc3b1ac8c35b4b24703e38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/95814"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201702-07"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2575"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2713"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037717"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-04"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03838en_us"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2568"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92830136/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10871356"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10882734"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4325/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80494"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882754"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79678"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106811"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734877"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170503-01-openssl-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/74714"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-12539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12539"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3181-1/"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.microfocus.com/support-and-services/report-security"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
      },
      {
        "trust": 0.1,
        "url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
      },
      {
        "trust": 0.1,
        "url": "http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/km03158061"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3732"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170126.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-11.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-11.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3731\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7055\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170828.txt,"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "date": "2017-02-13T16:38:20",
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "date": "2018-05-10T10:11:22",
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "date": "2018-09-18T02:18:55",
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "date": "2017-02-14T17:07:17",
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2017-02-23T17:14:20",
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "date": "2018-08-29T00:28:49",
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "date": "2017-11-02T12:12:12",
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "date": "2017-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "date": "2017-05-04T19:29:00.400000",
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "date": "2018-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "date": "2022-08-29T20:43:33.220000",
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.6
  }
}

var-201201-0312
Vulnerability from variot

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. HP SSL for OpenVMS v 1.4-453 (based on OpenSSL 0.9.8o stream) and earlier. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g

Description

Multiple vulnerabilities have been found in OpenSSL:

  • Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
  • An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"

References

[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.

Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools

Details:

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2

Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2

Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8

Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15

After a standard system update you need to reboot your computer to make all the necessary changes. Relevant releases/architectures:

RHEV Hypervisor for RHEL-6 - noarch

  1. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. The security fixes included in this update address the following CVE numbers:

CVE-2009-5029 and CVE-2011-4609 (glibc issues)

CVE-2012-0056 (kernel issue)

CVE-2011-4108 and CVE-2012-0050 (openssl issues)

This update also fixes the following bugs:

  • Previously, it was possible to begin a Hypervisor installation without any valid disks to install to.

Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471)

  • Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations.

The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223)

  • Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla

Release Date: 2012-01-19 Last Updated: 2012-01-19

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com

HP-UX Release / Depot Name

B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot

B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08s or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 19 January 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

DTLS Plaintext Recovery Attack (CVE-2011-4108)

Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.

Double-free in Policy Checks (CVE-2011-4109)

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.

This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS. This could include sensitive contents of previously freed memory.

However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.

Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.

Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".

Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.

Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.

Invalid GOST parameters DoS Attack (CVE-2012-0027)

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.

Only users of the OpenSSL GOST ENGINE are affected by this bug.

Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8r",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0e",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4577",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4577",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4577",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201201-060",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4577",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. \nHP SSL for OpenVMS v 1.4-453 (based on OpenSSL 0.9.8o stream) and earlier. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: March 06, 2012\n     Bugs: #397695, #399365\n       ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0g                 *\u003e= 0.9.8t\n                                                            \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n  in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n  vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2012:0059-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date:        2012-01-24\nCVE Names:         CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n                   CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  libssl1.0.0                     1.0.0e-2ubuntu4.2\n  openssl                         1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n  libssl0.9.8                     0.9.8o-5ubuntu1.2\n  openssl                         0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n  libssl0.9.8                     0.9.8o-1ubuntu4.6\n  openssl                         0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.8\n  openssl                         0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n  libssl0.9.8                     0.9.8g-4ubuntu3.15\n  openssl                         0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-6 - noarch\n\n3. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to. \n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations. \n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. \n788225 - autoinstall fails when local_boot or upgrade not passed on command line\n788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla\n\n6. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3210    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4109    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       9.3\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nDTLS Plaintext Recovery Attack (CVE-2011-4108)\n==============================================\n\nNadhem Alfardan and Kenny Paterson have discovered an extension of the \nVaudenay padding oracle attack on CBC mode encryption which enables an \nefficient plaintext recovery attack against the OpenSSL implementation\nof DTLS. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nInvalid GOST parameters DoS Attack (CVE-2012-0027)\n===================================================\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "PACKETSTORM",
        "id": "114105"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4577",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114105",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110482",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109073",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169679",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114105"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "id": "VAR-201201-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-22T21:12:07.836000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0f",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348"
      },
      {
        "title": "openssl-0.9.8s",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347"
      },
      {
        "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2012-038",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "VMware Security Advisories: VMware vSphere and vCOps updates to third party libraries",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ebfa7ecfec1f973ff975279d7fce2976"
      },
      {
        "title": "git-vuln-finder",
        "trust": 0.1,
        "url": "https://github.com/cve-search/git-vuln-finder "
      },
      {
        "title": "vuln-finder",
        "trust": 0.1,
        "url": "https://github.com/ananya-0306/vuln-finder "
      },
      {
        "title": "git-vuln-2",
        "trust": 0.1,
        "url": "https://github.com/darknsparkly777s/git-vuln-2 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.5,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.4,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html"
      },
      {
        "trust": 0.2,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cve-search/git-vuln-finder"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2131"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1357-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0109.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html"
      },
      {
        "trust": 0.1,
        "url": "http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://www.isg.rhul.ac.uk)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114105"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "114105"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-06-23T01:42:26",
        "db": "PACKETSTORM",
        "id": "114105"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-03-06T23:57:33",
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "date": "2012-01-24T23:58:58",
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "date": "2012-02-10T07:44:13",
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "date": "2012-02-15T22:44:29",
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "date": "2012-01-25T16:35:29",
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "date": "2012-01-04T12:12:12",
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "date": "2012-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "date": "2012-01-06T01:55:00.957000",
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2014-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4577"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      },
      {
        "date": "2014-03-26T04:25:16.987000",
        "db": "NVD",
        "id": "CVE-2011-4577"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-060"
      }
    ],
    "trust": 0.6
  }
}

var-201003-0281
Vulnerability from variot

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384

  1. Summary

Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.

  1. Relevant releases

vCenter Server 4.1 without Update 1,

vCenter Update Manager 4.1 without Update 1,

ESXi 4.1 without patch ESXi410-201101201-SG,

ESX 4.1 without patch ESX410-201101201-SG.

  1. Problem Description

a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3

Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.

Customers using other database solutions need not update for
these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected
  • Hosted products are VMware Workstation, Player, ACE, Fusion.

b. vCenter Apache Tomcat Management Application Credential Disclosure

The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.

The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.

If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.

VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not affected
VirtualCenter  2.5       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected
  • hosted products are VMware Workstation, Player, ACE, Fusion.

c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21

Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not applicable **
VirtualCenter  2.5       Windows  not applicable **

Update Manager 4.1       Windows  not applicable **
Update Manager 4.0       Windows  not applicable **
Update Manager 1.0       Windows  not applicable **


hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not applicable **
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family

d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26

Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  not applicable **
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      not applicable **
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, no patch planned
ESX            3.0.3     ESX      affected, no patch planned
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family

e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28

Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  not applicable **

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family

f. vCenter Server third party component OpenSSL updated to version 0.9.8n

The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

hosted *       any       any      not applicable

ESXi           any       ESXi     not applicable

ESX            any       ESX      not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESX third party component OpenSSL updated to version 0.9.8p

The version of the ESX OpenSSL library is updated to 0.9.8p.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not applicable

hosted *       any       any      not applicable
ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      affected, patch pending
  • hosted products are VMware Workstation, Player, ACE, Fusion.

h. ESXi third party component cURL updated

The version of cURL library in ESXi is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            any       ESX      not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

i. ESX third party component pam_krb5 updated

The version of pam_krb5 library is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not affected
ESX            3.5       ESX      not affected
ESX            3.0.3     ESX      not affected
  • hosted products are VMware Workstation, Player, ACE, Fusion.

j. ESX third party update for Service Console kernel

The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.

Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

  • hosted products are VMware Workstation, Player, ACE, Fusion.

  • Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware vCenter Server 4.1 Update 1 and modules

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0

File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi 4.1 Installable Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919

File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488

VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG.

ESX 4.1 Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353

ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798

Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922

VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330

ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.

To install an individual bulletin use esxupdate with the -b option.

  1. References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574

  1. Change log

2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10.

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)

iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01

Synopsis

Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0e >= 1.0.0e

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

References

[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02079216 Version: 1

HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-04-13 Last Updated: 2010-04-13

Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve these vulnerabilities. The upgrades are available from the following location.

Host / Account / Password

ftp.usa.hp.com / sb02517 / Secure12

HP-UX Release / Depot Name / SHA-1 digest

B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D

B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD

B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08n or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 13 April 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. The upgrades are available from the following location:

URL http://software.hp.com

Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15

Web Server Suite Version / HP-UX Release / Depot name

Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot

Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot

Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot

Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot

Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot

Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot

Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot

MANUAL ACTIONS: Yes - Update

Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.

Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

Update:

Packages for 2009.0 are provided due to the Extended Maintenance Program.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433

Updated Packages:

Mandriva Linux 2009.0: 1f42cf30ee84314be4125a070709d239 2009.0/i586/libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm 372bffd962ced1965c33b752def70b8b 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm ace965066796e71bf4ecf4af6bc831c5 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm a6e08ca29b012c695e0763f6fd15fac1 2009.0/i586/openssl-0.9.8h-3.7mdv2009.0.i586.rpm 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: f6748700d01abc7e33053e339575cede 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdv2009.0.x86_64.rpm b53a75b4c732a3371a3bcd0e8ed47481 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm 187bff89c19e2d65ccc5c640a32d0cc7 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm 1d6f6fca3b51e498359cbbbde07a4a0e 2009.0/x86_64/openssl-0.9.8h-3.7mdv2009.0.x86_64.rpm 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLzKP9mqjQ0CJFipgRAsUVAJkBjISC/NXul8GxUaeiBPsnb6gRNQCgt+ty X3hfPZSWARaTxUmX7P/4FDM= =FrW5 -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.

Affected versions depend on the C compiler used with OpenSSL:

  • If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.
  • Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m. If upgrading is not immediately possible, the source code patch provided in this advisory should be applied.

Bodo Moeller and Adam Langley (Google) have identified the vulnerability and prepared the fix.

Patch

--- ssl/s3_pkt.c 24 Jan 2010 13:52:38 -0000 1.57.2.9 +++ ssl/s3_pkt.c 24 Mar 2010 00:00:00 -0000 @@ -291,9 +291,9 @@ if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - / Send back error using their - * version number :-) / - s->version=version; + if ((s->version & 0xFF00) == (version & 0xFF00)) + / Send back error using their minor version number :-) / + s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; }

References

This vulnerability is tracked as CVE-2010-0740.

URL for this Security Advisory: https://www.openssl.org/news/secadv_20100324.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0281",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "virtualcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8f to  0.9.8m"
      },
      {
        "model": "ace",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "esx",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "esxi",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "fusion",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "player",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 134",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "2.6"
      },
      {
        "model": "opensolaris build snv 41",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.2.3.1"
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.52"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 131",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 56",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 38",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "opensolaris build snv 126",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "opensolaris build snv 125",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "vcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.01"
      },
      {
        "model": "circle",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1.40"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 133",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 54",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 129",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "opensolaris build snv 35",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.7"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.2.4.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.55"
      },
      {
        "model": "big-ip protocol security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "opensolaris build snv 130",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "opensolaris build snv 121",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "4.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "opensolaris build snv 98",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.6"
      },
      {
        "model": "opensolaris build snv 117",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "opensolaris build snv 58",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.51"
      },
      {
        "model": "opensolaris build snv 113",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris build snv 124",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 118",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bigip edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 123",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 49",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "setup and configuration service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.1.5.1"
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 114",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "opensolaris build snv 112",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "opensolaris build snv 119",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 128",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1.5"
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 107",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "setup and configuration service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "6.0"
      },
      {
        "model": "circle xtelnet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "0.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "virtualcenter 2.5.update build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "31"
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 110",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 71",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 108",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 28",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.0"
      },
      {
        "model": "opensolaris build snv 132",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "6.0"
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "vcenter update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.11"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.3.1"
      },
      {
        "model": "circle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1.39"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.5"
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.56"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 48",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "circle xtelnet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "0.4.6"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 37",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.7.1"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "opensolaris build snv 122",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 115",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "opensolaris build snv 109",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 74",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 120",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 51",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 136",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip wan optimization module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.54"
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 137",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris build snv 116",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 127",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9"
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 135",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bodo Moeller and Adam Langley",
    "sources": [
      {
        "db": "BID",
        "id": "39013"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0740",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-0740",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-0740",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-393",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-0740",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL versions 0.9.8f through 0.9.8m are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0003\nSynopsis:          Third party component updates for VMware vCenter\n                   Server, vCenter Update Manager, ESXi and ESX\nIssue date:        2011-02-10\nUpdated on:        2011-02-10 (initial release of advisory)\nCVE numbers:       --- Apache Tomcat ---\n                   CVE-2009-2693 CVE-2009-2901 CVE-2009-2902\n                   CVE-2009-3548 CVE-2010-2227 CVE-2010-1157\n                   --- Apache Tomcat Manager ---\n                   CVE-2010-2928\n                   --- cURL ---\n                   CVE-2010-0734\n                   --- COS Kernel ---\n                   CVE-2010-1084 CVE-2010-2066 CVE-2010-2070\n                   CVE-2010-2226 CVE-2010-2248 CVE-2010-2521\n                   CVE-2010-2524 CVE-2010-0008 CVE-2010-0415\n                   CVE-2010-0437 CVE-2009-4308 CVE-2010-0003\n                   CVE-2010-0007 CVE-2010-0307 CVE-2010-1086\n                   CVE-2010-0410 CVE-2010-0730 CVE-2010-1085\n                   CVE-2010-0291 CVE-2010-0622 CVE-2010-1087\n                   CVE-2010-1173 CVE-2010-1437 CVE-2010-1088\n                   CVE-2010-1187 CVE-2010-1436 CVE-2010-1641\n                   CVE-2010-3081\n                   --- Microsoft SQL Express ---\n                   CVE-2008-5416 CVE-2008-0085 CVE-2008-0086\n                   CVE-2008-0107 CVE-2008-0106\n                   --- OpenSSL ---\n                   CVE-2010-0740 CVE-2010-0433\n                   CVE-2010-3864 CVE-2010-2939\n                   --- Oracle (Sun) JRE ---\n                   CVE-2009-3555 CVE-2010-0082 CVE-2010-0084\n                   CVE-2010-0085 CVE-2010-0087 CVE-2010-0088\n                   CVE-2010-0089 CVE-2010-0090 CVE-2010-0091\n                   CVE-2010-0092 CVE-2010-0093 CVE-2010-0094\n                   CVE-2010-0095 CVE-2010-0837 CVE-2010-0838\n                   CVE-2010-0839 CVE-2010-0840 CVE-2010-0841\n                   CVE-2010-0842 CVE-2010-0843 CVE-2010-0844\n                   CVE-2010-0845 CVE-2010-0846 CVE-2010-0847\n                   CVE-2010-0848 CVE-2010-0849 CVE-2010-0850\n                   CVE-2010-0886 CVE-2010-3556 CVE-2010-3566\n                   CVE-2010-3567 CVE-2010-3550 CVE-2010-3561\n                   CVE-2010-3573 CVE-2010-3565 CVE-2010-3568\n                   CVE-2010-3569 CVE-2010-1321 CVE-2010-3548\n                   CVE-2010-3551 CVE-2010-3562 CVE-2010-3571\n                   CVE-2010-3554 CVE-2010-3559 CVE-2010-3572\n                   CVE-2010-3553 CVE-2010-3549 CVE-2010-3557\n                   CVE-2010-3541 CVE-2010-3574\n                   --- pam_krb5 ---\n                   CVE-2008-3825 CVE-2009-1384\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n   Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. \n\n\n2. Relevant releases\n\n   vCenter Server 4.1 without Update 1,\n\n   vCenter Update Manager 4.1 without Update 1,\n\n   ESXi 4.1 without patch ESXi410-201101201-SG,\n\n   ESX 4.1 without patch ESX410-201101201-SG. \n\n\n3. Problem Description\n\n a. vCenter Server and vCenter Update Manager update Microsoft\n    SQL Server 2005 Express Edition to Service Pack 3\n\n    Microsoft SQL Server 2005 Express Edition (SQL Express)\n    distributed with vCenter Server 4.1 Update 1 and vCenter Update\n    Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2\n    to SQL Express Service Pack 3, to address multiple security\n    issues that exist in the earlier releases of Microsoft SQL Express. \n\n    Customers using other database solutions need not update for\n    these issues. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n    CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n    Express Service Pack 3. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * Hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n    The Apache Tomcat Manager application configuration file contains\n    logon credentials that can be read by unprivileged local users. \n\n    The issue is resolved by removing the Manager application in\n    vCenter 4.1 Update 1. \n\n    If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n    credentials are not present in the configuration file after the\n    update. \n\n    VMware would like to thank Claudio Criscione of Secure Networking\n    for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-2928 to this issue. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not affected\n    VirtualCenter  2.5       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n    1.6.0_21\n\n    Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n    CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n    CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n    CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n    CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n    CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n    CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n    CVE-2010-0850. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following name to the security issue fixed in\n    Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not applicable **\n    VirtualCenter  2.5       Windows  not applicable **\n\n    Update Manager 4.1       Windows  not applicable **\n    Update Manager 4.0       Windows  not applicable **\n    Update Manager 1.0       Windows  not applicable **\n\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not applicable **\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n   1.5.0_26\n\n    Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n    CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n    CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,\n    CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n    CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n    CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n    CVE-2010-3574. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  not applicable **\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      not applicable **\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, no patch planned\n    ESX            3.0.3     ESX      affected, no patch planned\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n    Apache Tomcat updated to version 6.0.28, which addresses multiple\n    security issues that existed in earlier releases of Apache Tomcat\n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n    and CVE-2009-3548. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  not applicable **\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Apache Tomcat 5.5 family\n\n f. vCenter Server third party component OpenSSL updated to version\n    0.9.8n\n\n    The version of the OpenSSL library in vCenter Server is updated to\n    0.9.8n. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n    issues addressed in this version of OpenSSL. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    hosted *       any       any      not applicable\n\n    ESXi           any       ESXi     not applicable\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE,  Fusion. \n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n    The version of the ESX OpenSSL library is updated to 0.9.8p. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n    issues addressed in this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not applicable\n\n    hosted *       any       any      not applicable\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n h. ESXi third party component cURL updated\n\n    The version of cURL library in ESXi is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-0734 to the issues addressed in\n    this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n i. ESX third party component pam_krb5 updated\n\n    The version of pam_krb5 library is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n    issues addressed in the update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not affected\n    ESX            3.5       ESX      not affected\n    ESX            3.0.3     ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n j. ESX third party update for Service Console kernel\n\n    The Service Console kernel is updated to include kernel version\n    2.6.18-194.11.1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n    CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n    CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n    CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n    CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n    CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n    CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n    CVE-2010-3081 to the issues addressed in the update. \n\n    Note: This update also addresses the 64-bit compatibility mode\n    stack pointer underflow issue identified by CVE-2010-3081. This\n    issue was patched in an ESX 4.1 patch prior to the release of\n    ESX 4.1 Update 1. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable\n    ESX            3.0.3     ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. \n\n   VMware vCenter Server 4.1 Update 1 and modules\n   ----------------------------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n   File type: .iso\n   md5sum: 729cf247aa5d33ceec431c86377eee1a\n   sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0\n\n   File type: .zip\n   md5sum: fd1441bef48a153f2807f6823790e2f0\n   sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi 4.1 Installable Update 1\n   -----------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1027919\n\n   File type: .iso\n   MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\n   SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\n   File type: .zip\n   MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\n   SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\n   File type: .zip\n   MD5SUM: 67b924618d196dafaf268a7691bd1a0f\n   SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \t\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\n   File type: .zip\n   MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\n   SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   MD5SUM: dad66fa8ece1dd121c302f45444daa70\n   SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\n   SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi Installable Update 1 contains the following security bulletins:\n   ESXi410-201101201-SG. \n\n   ESX 4.1 Update 1\n   ----------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1029353\n\n   ESX 4.1 Update 1 (DVD ISO)\n   File type: .iso\n   md5sum: b9a275b419a20c7bedf31c0bf64f504e\n   sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\n   File type: .zip\n   md5sum: 2d81a87e994aa2b329036f11d90b4c14\n   sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \t\n\n   Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\n   File type: .zip\n   md5sum: 75f8cebfd55d8a81deb57c27def963c2\n   sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\n   File type: .zip\n   md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\n   sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   md5sum: dad66fa8ece1dd121c302f45444daa70\n   sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESX410-Update01 contains the following security bulletins:\n   ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\n   Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\n   ESX410-201101226-SG (glibc)      | http://kb.vmware.com/kb/1031330\n\n   ESX410-Update01 also contains the following non-security bulletins\n   ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\n   ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\n   ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\n   ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\n   ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\n   ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. \n\n   To install an individual bulletin use esxupdate with the -b option. \n\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-02-10  VMSA-2011-0003\nInitial security advisory in conjunction with the release of vCenter\nServer 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1\nUpdate 1, and ESX 4.1 Update 1 on 2011-02-10. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9\ndxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX\n=2pVj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: October 09, 2011\n     Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n           #354139, #382069\n       ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0e                  \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[  1 ] CVE-2009-3245\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[  2 ] CVE-2009-4355\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[  3 ] CVE-2010-0433\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[  4 ] CVE-2010-0740\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[  5 ] CVE-2010-0742\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[  6 ] CVE-2010-1633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[  7 ] CVE-2010-2939\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[  8 ] CVE-2010-3864\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[  9 ] CVE-2010-4180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02079216\nVersion: 1\n\nHPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-04-13\nLast Updated: 2010-04-13\n\nPotential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3245    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)        6.4\nCVE-2009-4355    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2010-0433    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2010-0740    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location. \n\nHost / Account / Password\n\nftp.usa.hp.com / sb02517 / Secure12\n\nHP-UX Release / Depot Name / SHA-1 digest\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot /\n 2FE85DEE859C93F9D02A69666A455E9A7442DC5D\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot /\n 69F9AEE88F89C53FFE6794822F6A843F312384CD\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot /\n 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08n or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 13 April 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. \n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products. \n\n Update:\n\n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 1f42cf30ee84314be4125a070709d239  2009.0/i586/libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm\n 372bffd962ced1965c33b752def70b8b  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm\n ace965066796e71bf4ecf4af6bc831c5  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm\n a6e08ca29b012c695e0763f6fd15fac1  2009.0/i586/openssl-0.9.8h-3.7mdv2009.0.i586.rpm \n 1e1164ec8615415e325166d13c4248cc  2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n f6748700d01abc7e33053e339575cede  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdv2009.0.x86_64.rpm\n b53a75b4c732a3371a3bcd0e8ed47481  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm\n 187bff89c19e2d65ccc5c640a32d0cc7  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm\n 1d6f6fca3b51e498359cbbbde07a4a0e  2009.0/x86_64/openssl-0.9.8h-3.7mdv2009.0.x86_64.rpm \n 1e1164ec8615415e325166d13c4248cc  2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLzKP9mqjQ0CJFipgRAsUVAJkBjISC/NXul8GxUaeiBPsnb6gRNQCgt+ty\nX3hfPZSWARaTxUmX7P/4FDM=\n=FrW5\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nAffected versions depend on the C compiler used with OpenSSL:\n\n- If \u0027short\u0027 is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m. \n- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.  If upgrading is not immediately possible, the\nsource code patch provided in this advisory should be applied. \n\nBodo Moeller and Adam Langley (Google) have identified the vulnerability\nand prepared the fix. \n\n\nPatch\n-----\n\n--- ssl/s3_pkt.c\t24 Jan 2010 13:52:38 -0000\t1.57.2.9\n+++ ssl/s3_pkt.c\t24 Mar 2010 00:00:00 -0000\n@@ -291,9 +291,9 @@\n \t\t\tif (version != s-\u003eversion)\n \t\t\t\t{\n \t\t\t\tSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);\n-\t\t\t\t/* Send back error using their\n-\t\t\t\t * version number :-) */\n-\t\t\t\ts-\u003eversion=version;\n+                                if ((s-\u003eversion \u0026 0xFF00) == (version \u0026 0xFF00))\n+                                \t/* Send back error using their minor version number :-) */\n+\t\t\t\t\ts-\u003eversion = (unsigned short)version;\n \t\t\t\tal=SSL_AD_PROTOCOL_VERSION;\n \t\t\t\tgoto f_err;\n \t\t\t\t}\n\n\nReferences\n----------\n\nThis vulnerability is tracked as CVE-2010-0740. \n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20100324.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=12334",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0740",
        "trust": 3.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0710",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1023748",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1216",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0933",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0839",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "42733",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "39932",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "42724",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "43311",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "39013",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "12334",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-0740",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98419",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88621",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90263",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88698",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169649",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "id": "VAR-201003-0281",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44448256
  },
  "last_update_date": "2024-07-23T19:41:24.155000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4723",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "title": "HPSBUX02517",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02079216"
      },
      {
        "title": "HPSBUX02531",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02160663"
      },
      {
        "title": "5092",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=5092"
      },
      {
        "title": "5101",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=5101"
      },
      {
        "title": "secadv_20100324",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20100324.txt"
      },
      {
        "title": "VMSA-2011-0003",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "title": "openssl-0.9.8n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=155"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2010-0740: openssl denial-of-service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f6760a316bfc017e8e4b03c469542809"
      },
      {
        "title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35"
      },
      {
        "title": "VMware Security Advisories: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
      },
      {
        "title": "deepdig",
        "trust": 0.1,
        "url": "https://github.com/cyberdeception/deepdig "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/0710"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1023748"
      },
      {
        "trust": 2.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
      },
      {
        "trust": 2.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20100324.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/0839"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/038587.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/0933"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/1216"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/39932"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42733"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42724"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/43311"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11731"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu976710"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0740"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sun.com/security/entry/cve_2010_0433_openssl_with"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata45.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata46.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata47.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00024\u0026languageid=en-fr"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/510726"
      },
      {
        "trust": 0.3,
        "url": "http://voodoo-circle.sourceforge.net/sa/sa-20100624-02.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11504.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/news/secadv_20100324.txt"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/12334/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cyberdeception/deepdig"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027919"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1031330"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027904"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1029353"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "BID",
        "id": "39013"
      },
      {
        "date": "2010-04-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "date": "2011-02-11T13:13:00",
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "date": "2011-10-09T16:42:00",
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "date": "2010-04-19T20:27:54",
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "date": "2010-04-15T22:26:05",
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "date": "2010-06-04T04:25:14",
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "date": "2010-04-20T15:07:58",
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "date": "2010-03-24T12:12:12",
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "date": "2010-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "date": "2010-03-26T18:30:00.467000",
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "date": "2015-04-13T22:05:00",
        "db": "BID",
        "id": "39013"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "date": "2023-11-07T02:05:08.907000",
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl3_get_record Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1220
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  2. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200609-1220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-07-23T20:18:09.590000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1335
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/

Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

During the parsing of certain invalid ASN1 structures an error condition is mishandled. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1335",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1335",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-11T21:44:28.628000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0292
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771 Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01 Last Updated: 2007-08-01

Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows.

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

PRODUCT SPECIFIC INFORMATION

HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/

Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

During the parsing of certain invalid ASN1 structures an error condition is mishandled. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0292",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 5.22
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0292",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-07T21:31:54.786000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-200312-0218
Vulnerability from variot

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. This issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.

TITLE: Red Hat update for openssl

SECUNIA ADVISORY ID: SA17398

VERIFY ADVISORY: http://secunia.com/advisories/17398/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/

DESCRIPTION: Red Hat has issued an update for openssl. http://rhn.redhat.com/

ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-829.html

OTHER REFERENCES: SA11139: http://secunia.com/advisories/11139/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]

Denial of Service in ASN.1 parsing

Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.

Patches for this issue have been created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Who is affected?

OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms is known to crash.

Recommendations

Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-0.9.6l.tar.gz [normal]
  MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
  MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

URL for this Security Advisory: https://www.openssl.org/news/secadv_20031104.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0218",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2sy"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2sx"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "netbsd",
        "version": "1.6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "netbsd",
        "version": "1.6"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.2_.111"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(3\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "css11000 content services switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(5\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(1\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4.101\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(1\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(2\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.102\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2.111"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4.101)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(0.208)"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "software opera web browser",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.1.2"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.10"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.12"
      },
      {
        "model": "oneworld xe/erp8 applications sp22",
        "scope": null,
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": null
      },
      {
        "model": "enterpriseone applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.93"
      },
      {
        "model": "enterpriseone applications sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.9"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.6"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.5"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.4"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.3"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.2"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Litchfield\u203b david@nextgenss.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0851",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2003-0851",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-7676",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0851",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#412478",
            "trust": 0.8,
            "value": "3.23"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200312-003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7676",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. \nThis issue is also known to affect numerous Cisco products.  It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database. \n\nTITLE:\nRed Hat update for openssl\n\nSECUNIA ADVISORY ID:\nSA17398\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17398/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nRedHat Linux Advanced Workstation 2.1 for Itanium\nhttp://secunia.com/product/1326/\nRedHat Enterprise Linux WS 2.1\nhttp://secunia.com/product/1044/\nRedHat Enterprise Linux ES 2.1\nhttp://secunia.com/product/1306/\nRedHat Enterprise Linux AS 2.1\nhttp://secunia.com/product/48/\n\nDESCRIPTION:\nRed Hat has issued an update for openssl. \nhttp://rhn.redhat.com/\n\nORIGINAL ADVISORY:\nhttp://rhn.redhat.com/errata/RHSA-2005-829.html\n\nOTHER REFERENCES:\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]\n\nDenial of Service in ASN.1 parsing\n==================================\n\nPreviously, OpenSSL 0.9.6k was released on the 30 September 2003 to\naddress various ASN.1 issues.  The issues were found using a test\nsuite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nSubsequent to that release, Novell Inc. carried out further testing\nusing the NISCC suite.  This could be\nperformed for example by sending a client certificate to a SSL/TLS\nenabled server which is configured to accept them.  \n\nPatches for this issue have been created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nWho is affected?\n----------------\n\nOpenSSL 0.9.6k is affected by the bug, but the denial of service does\nnot affect all platforms.  This issue does not affect OpenSSL 0.9.7. \nCurrently only OpenSSL running on Windows platforms is known to crash. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.6l or 0.9.7c.  Recompile any OpenSSL\napplications statically linked to OpenSSL libraries. \n\nOpenSSL 0.9.6l is available for download via HTTP and FTP from the\nfollowing master locations (you can find the various FTP mirrors under\nhttps://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file name is:\n\n    o openssl-0.9.6l.tar.gz [normal]\n      MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27\n    o openssl-engine-0.9.6l.tar.gz [engine]\n      MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c\n\nThe checksums were calculated using the following command:\n\n    openssl md5 \u003c openssl-0.9.6l.tar.gz\n    openssl md5 \u003c openssl-engine-0.9.6l.tar.gz\n\nReferences\n----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0851 to this issue. \n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20031104.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      },
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#412478",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "8970",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "17381",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331",
        "trust": 0.8
      },
      {
        "db": "NETBSD",
        "id": "NETBSD-SA2004-003",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5528",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040508 [FLSA-2004:1395] UPDATED OPENSSL RESOLVES SECURITY VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20031104 [OPENSSL ADVISORY] DENIAL OF SERVICE IN ASN.1 PARSING",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20030930 SSL IMPLEMENTATION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2004:119",
        "trust": 0.6
      },
      {
        "db": "SGI",
        "id": "20040304-01-U",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2005-1042",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "13139",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41200",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "id": "VAR-200312-0218",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:21:01.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "NetBSD-SA2004-003",
        "trust": 0.8,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc"
      },
      {
        "title": "secadv_20031104",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20031104.txt"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "title": "20040304-01-U",
        "trust": 0.8,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-119j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.openssl.org/news/secadv_20031104.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/8970"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/412478"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/17381"
      },
      {
        "trust": 2.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5528"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl2.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.itu.int/itu-t/asn1/"
      },
      {
        "trust": 0.8,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0851"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0851"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106796246511667\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5528"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108403850228012\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.opera.com/windows/changelogs/723/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_asn1_parsing_0.9.6.l.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/395699"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=106796246511667\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403850228012\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/48/"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1326/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1306/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/11139/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1044/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0851"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0851"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-11-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "date": "2003-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "date": "2003-11-04T00:00:00",
        "db": "BID",
        "id": "8970"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "date": "2005-11-03T01:02:14",
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "date": "2003-11-04T12:12:12",
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "date": "2003-12-01T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-11-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "date": "2015-03-19T08:52:00",
        "db": "BID",
        "id": "8970"
      },
      {
        "date": "2006-05-05T23:30:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "date": "2018-10-30T16:26:18.123000",
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6k does not properly handle ASN.1 sequences",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0350
Vulnerability from variot

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. Supplementary information : CWE Vulnerability type by CWE-400: Uncontrolled Resource Consumption ( Resource depletion ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. OpenSSL version 1.1.0 is vulnerable. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0350",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tealeaf customer experience on cloud network capture add-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "16.1.01"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6307",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6307",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6307",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-596",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6307",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. Supplementary information : CWE Vulnerability type by CWE-400: Uncontrolled Resource Consumption ( Resource depletion ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nOpenSSL version 1.1.0 is vulnerable. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "BID",
        "id": "93152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6307",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93152",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6307",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "BID",
        "id": "93152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "id": "VAR-201609-0350",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T10:57:14.796000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.1.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html"
      },
      {
        "title": "Excessive allocation of memory in tls_get_message_header()",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
      },
      {
        "title": "Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64374"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/"
      },
      {
        "title": "Red Hat: CVE-2016-6307",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6307"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6307 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/93152"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6307"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6307"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/?p=openssl.git;a=commitdiff;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "BID",
        "id": "93152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "db": "BID",
        "id": "93152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "BID",
        "id": "93152"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-26T19:59:04.033000",
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6307"
      },
      {
        "date": "2017-05-02T02:06:00",
        "db": "BID",
        "id": "93152"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      },
      {
        "date": "2023-11-07T02:33:57.377000",
        "db": "NVD",
        "id": "CVE-2016-6307"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Service disruption in the implementation of state machines  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004993"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-596"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0117
Vulnerability from variot

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. OpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affected products:
\x95 All EMC Documentum Content Server versions of 7.1 prior to P07 \x95 All EMC Documentum Content Server versions of 7.0 \x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16 \x95 All EMC Documentum Content Server versions of 6.7 SP1 \x95 All EMC Documentum Content Server versions prior to 6.7 SP1

Summary:
EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.

Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities:

\x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)

\x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

\x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

\x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt

Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.

EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.

Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server

For Hotfix, contact EMC Support.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] openssl (SSA:2014-156-03)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. For more information, see: http://www.openssl.org/news/secadv_20140605.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 ( Security fix ) patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz 35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz 48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz 8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz 18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz 6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz

Slackware -current packages: db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz 0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz

Slackware x86_64 -current packages: d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz 95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04355095

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04355095 Version: 1

HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-08-08 Last Updated: 2014-08-08

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware

References:

CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.

Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749

HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.

Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793

Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.

HP Insight Control server deployment users with v7.2.2:

Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.

HP Insight Control server deployment users with v7.3.1:

Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f

Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server

Related security bulletins:

For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210

For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897

HISTORY Version:1 (rev.1) - 8 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5 MoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go =r0qe -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2232-2 June 12, 2014

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.

Original advisory details:

J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.3

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.15

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2232-2 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1329297

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15 .

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt

Updated Packages:

Mandriva Enterprise Server 5: ef1687f8f4d68dd34149dbb04f3fccda mes5/i586/libopenssl0.9.8-0.9.8h-3.18mdvmes5.2.i586.rpm 3e46ee354bd0add0234eaf873f0a076c mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.i586.rpm 0cc60393474d11a3786965d780e39ebc mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.i586.rpm 16d367fe394b2f16b9f022ea7ba75a54 mes5/i586/openssl-0.9.8h-3.18mdvmes5.2.i586.rpm 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: 85a51b41a45f6905ea778347d8b236c1 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.18mdvmes5.2.x86_64.rpm d0bf9ef6c6e33d0c6158add14cbe04b8 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm 707842b93162409157667f696996f4fc mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm 70f4de1608d99c970afa1786595a761d mes5/x86_64/openssl-0.9.8h-3.18mdvmes5.2.x86_64.rpm 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0117",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "linux enterprise workstation extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0 (ibm pureapplication system and  xen)"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0 (vmware)"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7 release 7.6.0 sp3"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7 release 7.7.0 sp3"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 10.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 10.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "standard/advanced edition 11.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "standard/advanced edition 11.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 9.7"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 9.7"
      },
      {
        "model": "mobile messaging \u0026 m2m",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "client pack (linux and  windows for platforms  eclipse paho mqtt c client library ) of  support pac ma9b"
      },
      {
        "model": "sdk,",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for node.js 1.1.0.3"
      },
      {
        "model": "security access manager for mobile the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security access manager for web the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security access manager for web the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3 fp1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.1 for ibm provided software virtual appliance"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3 fp1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "4.1.1 (linux-ix86 and  linux-s390)"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.4.0 fp07"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.5.0 fp04"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.5.1 fp05"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.6.0 fp03"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 9.1.0 fp01"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 9.2.0 ga level"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.1 (linux and  windows for platforms  paho mqtt c client library )"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5 (linux and  windows for platforms  paho mqtt c client library )"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for hp nonstop server 5.3.1"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.2"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.3"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1h"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9 to  10.9.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.0"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "3.2.24"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.0.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.1.34"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.2.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.3.14"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "l20/300",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "lto6 drive",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "lx/30a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "point software check point security gateway r71",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "firepass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.5"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-iq security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.9"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "key",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "operations orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.05"
      },
      {
        "model": "firepass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.2"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "bbm for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "operations orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.02"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "db2 connect application server edition fp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.2"
      },
      {
        "model": "operations orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.7.4"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "9.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "freedome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "simatic wincc oa p002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "collaboration services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "point software check point security gateway r77",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.29"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "big-iq device",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "point software check point security gateway r70",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.2"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "point software check point security gateway r75",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "operations orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.03"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "bbm for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.40"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "one-x mobile ces for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "11.00"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.20"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpos 6.6r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.2"
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "one-x mobile ces for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "big-iq security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "operations orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "big-iq cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "one-x mobile for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.5"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "firepass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.9"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "safe profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.4"
      },
      {
        "model": "big-iq security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "db2 developer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "idp series 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "infosphere master data management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.3"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "db2 purescale feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-iq security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2 express edition fp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "point software check point security gateway r76",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "wincc oa 3.12-p001-3.12-p008",
        "scope": null,
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.6"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x mobile lite for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "big-iq cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.3"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "db2 workgroup server edition fp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.3"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.1"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "one-x mobile lite for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.4"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpos 6.6r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.8"
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-iq device",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x2.0.10"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "arx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-iq cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.6"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "db2 enterprise server edition fp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-3470",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3470",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3470",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3470",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting  in denial-of-service conditions. \nOpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \n\nEMC Identifier: ESA-2014-079\n\nCVE Identifier:  See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score:  See below for individual CVSS score for each CVE\n\nAffected products:  \n\\x95\tAll EMC Documentum Content Server versions of 7.1 prior to P07\n\\x95\tAll EMC Documentum Content Server versions of 7.0\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP1\n\\x95\tAll EMC Documentum Content Server versions prior to 6.7 SP1\n \nSummary:  \nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \n\nDetails: \nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\n\n\\x95\tArbitrary Code Execution (CVE-2014-4618):\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. \nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\n\n\\x95\tDQL Injection (CVE-2014-2520):\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tInformation Disclosure (CVE-2014-2521):\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\n\tDTLS recursion flaw  (CVE-2014-0221)\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference  (CVE-2014-0198)\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n\tAnonymous ECDH denial of service (CVE-2014-3470)\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt   \n\nResolution: \nThe following versions contain the resolution for these issues: \n\\x95\tEMC Documentum Content Server version 7.1 P07 and later\n\\x95\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\\x95\tEMC Documentum Content Server version 6.7 SP2 P16 and later\n\\x95\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. \n\nLink to remedies:\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\n\nFor Hotfix, contact EMC Support. \n\n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  openssl (SSA:2014-156-03)\n\nNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://www.openssl.org/news/secadv_20140605.txt\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959  openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60  openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6  openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75  openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa  openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179  openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd  openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520  openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75  openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51  openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be  openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96  openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782  openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1  openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33  openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea  openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863  openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c  openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749  openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793  openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16  a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22  n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f  a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656  n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04355095\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04355095\nVersion: 1\n\nHPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows\nrunning OpenSSL, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5\nMoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go\n=r0qe\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2232-2\nJune 12, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\ntls_session_secret_cb, such as wpa_supplicant. This update fixes the\nproblem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0221)\n  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. A remote attacker could use this flaw to perform a\n man-in-the-middle attack and possibly decrypt and modify traffic. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.3\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.15\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2232-2\n  http://www.ubuntu.com/usn/usn-2232-1\n  https://launchpad.net/bugs/1329297\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15\n. \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://www.openssl.org/news/secadv_20140605.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n ef1687f8f4d68dd34149dbb04f3fccda  mes5/i586/libopenssl0.9.8-0.9.8h-3.18mdvmes5.2.i586.rpm\n 3e46ee354bd0add0234eaf873f0a076c  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.i586.rpm\n 0cc60393474d11a3786965d780e39ebc  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.i586.rpm\n 16d367fe394b2f16b9f022ea7ba75a54  mes5/i586/openssl-0.9.8h-3.18mdvmes5.2.i586.rpm \n 223a4a6b80f1b2eb3cbfaf99473423f3  mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 85a51b41a45f6905ea778347d8b236c1  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n d0bf9ef6c6e33d0c6158add14cbe04b8  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n 707842b93162409157667f696996f4fc  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n 70f4de1608d99c970afa1786595a761d  mes5/x86_64/openssl-0.9.8h-3.18mdvmes5.2.x86_64.rpm \n 223a4a6b80f1b2eb3cbfaf99473423f3  mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "BID",
        "id": "67898"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127080"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3470",
        "trust": 3.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "67898",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "59916",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58742",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59191",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59483",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59431",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59282",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59362",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59167",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58716",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59442",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59459",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59445",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58579",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59120",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59460",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59223",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59525",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58797",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59340",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59895",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58667",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-234763",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU93868849",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.4
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127923",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126976",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127807",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127016",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "BID",
        "id": "67898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127080"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "id": "VAR-201406-0117",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.41201043363636364
  },
  "last_update_date": "2024-06-13T23:00:33.950000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6443?viewlocale=ja_jp"
      },
      {
        "title": "KB36051",
        "trust": 0.8,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "title": "cisco-sa-20140605-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://fedoraproject.org/ja/"
      },
      {
        "title": "HIRT-PUB14010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html"
      },
      {
        "title": "6060",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "title": "6061",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "title": "1676062",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "title": "4037761",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
      },
      {
        "title": "1676419",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "title": "1676128",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "title": "1676496",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
      },
      {
        "title": "1676655",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "title": "00001841",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "title": "1677695",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "title": "00001843",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "title": "1677828",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "title": "1673137",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "title": "1678167",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "title": "1676035",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "title": "1678289",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "title": "2079783",
        "trust": 0.8,
        "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2079783"
      },
      {
        "title": "7015264",
        "trust": 0.8,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "title": "7015300",
        "trust": 0.8,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "title": "SB10075",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "title": "Fix CVE-2014-3470",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb"
      },
      {
        "title": "Anonymous ECDH denial of service (CVE-2014-3470)",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2014",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
      },
      {
        "title": "Bug 1103600",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
      },
      {
        "title": "SA80",
        "trust": 0.8,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "title": "Huawei-SA-20140613-OpenSSL",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "title": "January 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
      },
      {
        "title": "CVE-2014-3470 Denial of Service(DOS) vulnerability in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of"
      },
      {
        "title": "Splunk Enterprise 6.1.2, 6.0.5 and 5.0.9 address two vulnerabilities - July 1, 2014",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaam2d"
      },
      {
        "title": "TLSA-2014-6",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-6j.html"
      },
      {
        "title": "VMSA-2014-0006",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "title": "34549",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34549"
      },
      {
        "title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html"
      },
      {
        "title": "cisco-sa-20140605-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122700_cisco-sa-20140605-openssl-j.html"
      },
      {
        "title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html"
      },
      {
        "title": "openssl-1.0.1h",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081"
      },
      {
        "title": "openssl-1.0.0m",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080"
      },
      {
        "title": "openssl-0.9.8za",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
      },
      {
        "title": "Red Hat: CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3470"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-3470 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/potterxma/linux-deployment-standard "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.3,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/67898"
      },
      {
        "trust": 2.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 2.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 2.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 2.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
      },
      {
        "trust": 2.0,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
      },
      {
        "trust": 2.0,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58797"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59191"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58579"
      },
      {
        "trust": 1.7,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59120"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59442"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.7,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.7,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaam2d"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59895"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59459"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59916"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.7,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59362"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59340"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59282"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59223"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59167"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58742"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58716"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58667"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59525"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59483"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59460"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59445"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59431"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=8011cd56e39a433b1837465259a9bd24a38727fb"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93868849/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3470"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://www.cerberusftp.com/products/releasenotes.html"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21681494"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-10-jun3.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181079"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.3,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.3,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2232-3/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2520"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/downloads/2732_documentum-server"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2521"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1329297"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "BID",
        "id": "67898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127080"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "db": "BID",
        "id": "67898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127080"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67898"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "date": "2014-07-06T18:53:39",
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "date": "2014-06-25T21:32:38",
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "date": "2014-06-27T18:43:56",
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "date": "2014-08-19T16:52:04",
        "db": "PACKETSTORM",
        "id": "127923"
      },
      {
        "date": "2014-06-06T23:46:36",
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "date": "2014-08-08T21:53:16",
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "date": "2014-06-13T00:11:12",
        "db": "PACKETSTORM",
        "id": "127080"
      },
      {
        "date": "2014-06-10T17:33:47",
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "date": "2014-06-27T18:43:23",
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "date": "2014-06-05T15:14:53",
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "date": "2014-06-05T21:55:07.880000",
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3470"
      },
      {
        "date": "2018-10-11T12:00:00",
        "db": "BID",
        "id": "67898"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      },
      {
        "date": "2023-11-07T02:20:08.380000",
        "db": "NVD",
        "id": "CVE-2014-3470"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  s3_clnt.c of  ssl3_send_client_key_exchange Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002767"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-081"
      }
    ],
    "trust": 0.6
  }
}

var-201408-0095
Vulnerability from variot

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to consume large amounts of memory, resulting in a denial-of-service condition. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2014-5139]

III. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 9.2, 9.1, 8.4]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt

It's important that you upgrade the libssl1.0.0 package and not just the openssl package. Alternatively, you may reboot your system.

For the testing distribution (jessie), these problems will be fixed soon.

Release Date: 2014-08-14 Last Updated: 2014-08-14

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8zb

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to resolve these vulnerabilities. The updates are available from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=OPENSSL11I

HP-UX Release HP-UX OpenSSL version

B.11.11 (11i v1) OpenSSL_A.00.09.08zb.001_HP-UX_B.11.11_32_64.depot

B.11.23 (11i v2) OpenSSL_A.00.09.08zb.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) OpenSSL_A.00.09.08zb.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08zb or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 15 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508)

Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1053-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1053.html Issue date: 2014-08-13 CVE Names: CVE-2014-0221 CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: openssl-0.9.8e-27.el5_10.4.src.rpm

i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm

x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source: openssl-0.9.8e-27.el5_10.4.src.rpm

i386: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm

x86_64: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: openssl-0.9.8e-27.el5_10.4.src.rpm

i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm

ia64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.ia64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm

ppc: openssl-0.9.8e-27.el5_10.4.ppc.rpm openssl-0.9.8e-27.el5_10.4.ppc64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm

s390x: openssl-0.9.8e-27.el5_10.4.s390.rpm openssl-0.9.8e-27.el5_10.4.s390x.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm openssl-devel-0.9.8e-27.el5_10.4.s390.rpm openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm

x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140605.txt https://www.openssl.org/news/secadv_20140806.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN vrHSSMIJuncazkJWPE/LOyQ= =/f7Y -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:

The References section of this erratum contains a download link (you must log in to download the update).

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.

Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory leak from zero-length fragments (CVE-2014-3507)

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL TLS protocol downgrade attack (CVE-2014-3511)

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0095",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1i"
      },
      {
        "model": "hp virtual connect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "8gb 24 port fiber channel module  3.00   (vc ( virtual connect ) 4.40  )"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855072.060.134.32804"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745061.132.224.35203"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2407863"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35007383"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2207906"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x33007382"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845072.060.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7955"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408738"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700072.161.134.32804"
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35507914"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830072.010.134.32804"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845072.040.134.32804"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845"
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2202585"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900072.161.134.32804"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302072.180.134.32804"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3655072.060.134.32804"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735061.132.224.35203"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2227916"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855072.040.134.32804"
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655072.060.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755061.132.224.35203"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8804259"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225072.030.134.32804"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x37508752"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740061.132.224.35203"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36307158"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "campaign",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "contact optimization",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408737"
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x32502583"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x31002582"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7970072.200.134.32804"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220072.030.134.32804"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303072.180.134.32804"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35307160"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301072.180.134.32804"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "66550"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408956"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8807903"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36305466"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x4407917"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36505460"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835072.010.134.32804"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "contact optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Langley of Google",
    "sources": [
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3506",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3506",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3506",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-128",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3506",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to consume large amounts of memory, resulting in a denial-of-service condition. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior to 1.0.0n. \nOpenSSL 1.0.1 versions prior to 1.0.1i. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \nCorrected:      2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n                2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n                2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n                2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n                2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n                2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n                2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n                2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name:       CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n                CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-5139]\n\nIII.  Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r269687\nreleng/8.4/                                                       r271305\nstable/9/                                                         r269687\nreleng/9.1/                                                       r271305\nreleng/9.2/                                                       r271305\nreleng/9.3/                                                       r271305\nstable/10/                                                        r269686\nreleng/10.0/                                                      r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt\u0027s important that you upgrade the libssl1.0.0 package and not just\nthe openssl package. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. \n\nRelease Date: 2014-08-14\nLast Updated: 2014-08-14\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a Denial\nof Service (DoS), allow unauthorized access. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8zb\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3505    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3506    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3507    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3510    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from https://h20392.www2.hp.com/portal/swdepot/displayP\nroductInfo.do?productNumber=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08zb.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08zb.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08zb.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zb or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9  mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa  mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e  mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e  mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb  mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2014:1053-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1053.html\nIssue date:        2014-08-13\nCVE Names:         CVE-2014-0221 CVE-2014-3505 CVE-2014-3506 \n                   CVE-2014-3508 CVE-2014-3510 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.i386.rpm\n\nia64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.ia64.rpm\n\nppc:\nopenssl-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.ppc.rpm\n\ns390x:\nopenssl-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.s390x.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140605.txt\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN\nvrHSSMIJuncazkJWPE/LOyQ=\n=/f7Y\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "127940"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3506",
        "trust": 3.9
      },
      {
        "db": "BID",
        "id": "69076",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "61250",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60778",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61040",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60824",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3506",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127940",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127862",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128297",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "127940"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "id": "VAR-201408-0095",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-22T21:22:36.590000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBHF03293",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "title": "HPSBUX03095 SSRT101674",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04404655"
      },
      {
        "title": "HPSBOV03099 SSRT101686",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04426586"
      },
      {
        "title": "1682293",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "title": "1686997",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "title": "Fix DTLS handshake message size checks.",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636"
      },
      {
        "title": "DTLS memory exhaustion (CVE-2014-3506)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "title": "ELSA-2014-1053",
        "trust": 0.8,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "title": "RHSA-2014:1297",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1297.html"
      },
      {
        "title": "RHSA-2014:1256",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1256.html"
      },
      {
        "title": "Huawei-SA-20141008-OpenSSL",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "title": "TLSA-2014-6",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-6j.html"
      },
      {
        "title": "openssl-0.9.8zb",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694"
      },
      {
        "title": "openssl-1.0.1i",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696"
      },
      {
        "title": "openssl-1.0.0n",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60824"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69076"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61250"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61040"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60778"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59743"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1250f12613b61758675848f6600ebd914ccd7636"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3506"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182784"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayp"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1053.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "127940"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "db": "BID",
        "id": "69076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "127940"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69076"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-09-09T17:32:22",
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "date": "2014-08-08T21:50:05",
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "date": "2014-08-20T15:20:13",
        "db": "PACKETSTORM",
        "id": "127940"
      },
      {
        "date": "2014-09-25T00:05:16",
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "date": "2014-08-08T21:48:03",
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2014-08-14T02:25:06",
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "date": "2014-09-17T20:46:27",
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "date": "2014-08-13T23:55:07.403000",
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3506"
      },
      {
        "date": "2016-07-27T01:00:00",
        "db": "BID",
        "id": "69076"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      },
      {
        "date": "2023-11-07T02:20:09.810000",
        "db": "NVD",
        "id": "CVE-2014-3506"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  DTLS Implementation of  d1_both.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-128"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0190
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security/ http://www.openpkg.org openpkg-security@openpkg.org openpkg@openpkg.org OpenPKG-SA-2006.021 28-Sep-2006

Package: openssl Vulnerability: denial of service OpenPKG Specific: no

Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= openssl-0.9.8c-20060905 >= openssl-0.9.8d-20060928 OpenPKG 2-STABLE <= openssl-0.9.8c-2.20060906 >= openssl-0.9.8d-2.20060928 OpenPKG 2.5-RELEASE <= openssl-0.9.8a-2.5.2 >= openssl-0.9.8a-2.5.3

Description: According to a vendor security advisory [0], four security issues were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:

  1. ASN.1 Denial of Service Attack (1/2)

    During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2937 [2] to the problem.

  2. ASN.1 Denial of Service Attack (2/2)

    Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2940 [3] to the problem.

  3. SSL_get_shared_ciphers() Buffer Overflow

    A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-3780 [4] to the problem.

  4. SSLv2 Client Crash

    A flaw in the SSLv2 client code was discovered. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-4343 [5] to the problem.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory.

-----BEGIN PGP SIGNATURE----- Comment: OpenPKG openpkg@openpkg.org

iD8DBQFFG88pgHWT4GPEy58RAh8TAJ4/zpIxAmBkivnMe5QzGxHrJHhkbwCg15li sTSkwWgrJGLza3OQ/yQJSfs= =qyrR -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n________________________________________________________________________\n\nOpenPKG Security Advisory                            The OpenPKG Project\nhttp://www.openpkg.org/security/                  http://www.openpkg.org\nopenpkg-security@openpkg.org                         openpkg@openpkg.org\nOpenPKG-SA-2006.021                                          28-Sep-2006\n________________________________________________________________________\n\nPackage:             openssl\nVulnerability:       denial of service\nOpenPKG Specific:    no\n\nAffected Releases:   Affected Packages:           Corrected Packages:\nOpenPKG CURRENT      \u003c= openssl-0.9.8c-20060905   \u003e= openssl-0.9.8d-20060928\nOpenPKG 2-STABLE     \u003c= openssl-0.9.8c-2.20060906 \u003e= openssl-0.9.8d-2.20060928\nOpenPKG 2.5-RELEASE  \u003c= openssl-0.9.8a-2.5.2      \u003e= openssl-0.9.8a-2.5.3\n\nDescription:\n  According to a vendor security advisory [0], four security issues\n  were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:\n\n  1. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. This can result in an infinite loop which\n     consumes system memory. The Common Vulnerabilities and Exposures\n     (CVE) project assigned the id CVE-2006-2937 [2] to the problem. \n\n  2. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. The Common Vulnerabilities and Exposures (CVE)\n     project assigned the id CVE-2006-2940 [3] to the problem. \n\n  3. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-3780 [4] to the problem. \n\n  4. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-4343 [5] to the problem. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. \n________________________________________________________________________\n\n-----BEGIN PGP SIGNATURE-----\nComment: OpenPKG \u003copenpkg@openpkg.org\u003e\n\niD8DBQFFG88pgHWT4GPEy58RAh8TAJ4/zpIxAmBkivnMe5QzGxHrJHhkbwCg15li\nsTSkwWgrJGLza3OQ/yQJSfs=\n=qyrR\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200110-0190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-06-17T04:47:26.073000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  }
}

var-201410-1418
Vulnerability from variot

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

OS X Server v3.2.2 is now available and addresses the following:

Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team

OS X Server v3.2.2 may be obtained from the Mac App Store. HP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before v9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2, Redhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================ Ubuntu Security Notice USN-2486-1 January 27, 2015

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK 6.

Software Description: - openjdk-6: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to expose sensitive data over the network. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. (CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to availability. (CVE-2015-0410)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1

Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2486-1 CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

Package Information: https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1 . A second vulnerability could be exploited remotely to cause a Denial of Service (DoS).

Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect Enterprise Manager SDK v7.4.1 or later. The vulnerabilities may lead to remote disclosure of information.

The update is available from HPE Software Depot: https://h20392.www2.hpe.com/ portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com

Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported through March 28, 2016.

SSLv3 is enabled by default in all version 5 HP Insight Remote Support Clients. HP recommends that customers, if possible, should migrate to Insight Remote Support Version 7.2 which has been updated with a preliminary resolution to the vulnerability. This bulletin will be revised when the final resolution update is available.

Please refer to the following Insight Remote Support Version 7.2 documents for recommendations on migrating to Insight Remote Support Version 7.2:

http://www.hp.com/go/insightremotesupport/docs

HP Insight Remote Support 7.2 Upgrade Guide
HP Insight Remote Support 7.2 Release Notes

HISTORY Version:1 (rev.1) - 5 December 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-14:23.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-10-21 Affects: All supported versions of FreeBSD. Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567]. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].

III. Impact

A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]

By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].

An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 8.4, 9.1 and 9.2]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08 Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+ RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx 9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0 nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh 89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU cZ84y1sCp0qHtTqKuak9 =ywze -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842 Version: 1

HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-06-26 Last Updated: 2015-06-26

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.

References:

CVE-2014-3566 (SSRT101114)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.

Note: all product versions are impacted prior to the fixed versions listed.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION HP has provided firmware updates for impacted printers as in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:

Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".

Firmware Updates Table

Product Name Model Number Firmware Revision

HP Color LaserJet CP5525 CE707A,CE708A,CE709A 2305081_000127 (or higher)

HP Color LaserJet Enterprise M552 B5L23A 2305076_518484 (or higher)

HP Color LaserJet Enterprise M553 B5L24A, B5L25A, B5L26A 2305076_518484 (or higher)

HP Color LaserJet Enterprise M651 CZ255A, CZ256A, CZ257A, CZ258A 2305076_518492 (or higher)

HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A 2305081_000144 (or higher)

HP Color LaserJet M680 CZ250A, CA251A 2305076_518489 (or higher)

HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A 2305076_518499 (or higher)

HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A 2305076_518487 (or higher)

HP LaserJet Enterprise 600 M601 CE989A, CE990A 2305083_000199 (or higher)

HP LaserJet Enterprise 600 M602 CE991A, CE992A, CE993A 2305083_000199 (or higher)

HP LaserJet Enterprise 600 M603xh CE994A, CE995A, CE996A 2305083_000199 (or higher)

HP LaserJet Enterprise 700 color MFP M775 series CC522A, CC523A, CC524A 2305076_518498 (or higher)

HP LaserJet Enterprise 700 M712xh CF235A, CF236A, CF238A 2305083_000196 (or higher)

HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A 2305076_518493 (or higher)

HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A 2305076_518488 (or higher)

HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A 2305083_000200 (or higher)

HP LaserJet Enterprise Color flow MFP M575c CD646A 2305076_518499 (or higher)

HP LaserJet Enterprise flow M830z MFP CF367A 2305076_518490 (or higher)

HP LaserJet Enterprise flow MFP M525c CF118A 2305076_518487 (or higher)

HP LaserJet Enterprise Flow MFP M630z B3G85A 2305076_518483 (or higher)

HP LaserJet Enterprise M4555 MFP CE503A, CE504A, CE738A 2305083_000222 (or higher)

HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A 2305083_000206 (or higher)

HP LaserJet Enterprise M604 E6B67A, E6B68A 2305076_518485 (or higher)

HP LaserJet Enterprise M605 E6B69A, E6B70A. E6B71A 2305076_518485 (or higher)

HP LaserJet Enterprise M606 E6B72A, E6B73A 2305076_518485 (or higher)

HP LaserJet Enterprise M806 CZ244A, CZ245A 2305081_000143 (or higher)

HP LaserJet Enterprise MFP M630 J7X28A 2305076_518483 (or higher)

HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A 2305076_518496 (or higher)

HP Scanjet Enterprise 8500FN1 Document Capture Workstation L2717A 2305076_518479 (or higher)

HP OfficeJet Enterprise Color X555 C2S11A, C2S12A 2305076_518491 (or higher)

HP OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A 2305076_518486 (or higher)

HP LaserJet P3005 Q7812A 02.190.3 (or higher)

HP Color LaserJet CP3505 CB442A 03.160.2 (or higher)

HP LaserJet 5200L Q7543A 08.241.0 (or higher)

HP LaserJet 5200N Q7543A 08.241.0 (or higher)

HP LaserJet 4240 Q7785A 08.250.2 (or higher)

HP LaserJet 4250 Q5400A 08.250.2 (or higher)

HP LaserJet 4350 Q5407A 08.250.2 (or higher)

HP LaserJet 9040 Q7697A 08.260.3 (or higher)

HP LaserJet 9050 Q7697A 08.260.3 (or higher)

HP LaserJet 9040 Multifunction Printer Q3721A 08.290.2 (or higher)

HP LaserJet 9050 Multifunction Printer Q3721A 08.290.2 (or higher)

HP 9200c Digital Sender Q5916A 09.271.3 (or higher)

HP LaserJet 4345 Multifunction Printer Q3942A 09.310.2 (or higher)

HP LaserJet P2055 Printer CE456A, CE457A, CE459A, CE460A, 20141201 (or higher)

HP Color LaserJet 3000 Q7534A 46.080.2 (or higher)

HP Color LaserJet 3800 Q5981A 46.080.8 (or higher)

HP Color LaserJet 4700 Q7492A 46.230.6 (or higher)

HP Color LaserJet CP4005 CB503A 46.230.6 (or higher)

HP Color LaserJet 4730 Multifunction Printer Q7517A 46.380.3 (or higher)

HP LaserJet Pro 200 color Printer M251n, nw CF146A, CF147A 20150112 (or higher)

HP LaserJet Pro 500 color MFP M570dn, dw CZ271A, CZ272A 20150112 (or higher)

HP LaserJet Pro M521dn, dw MFP A8P79A, A8P80A 20150112 (or higher)

HP Color LaserJet Pro MFP M476dn, dw, nw CF385A, CF386A, CF387A 20150112 (or higher)

HP LaserJet Pro 400 MFP M425dn, dw CF286A, CF28A 20150112 (or higher)

HP LaserJet Pro 200 color MFP M276n, nw CF144A, CF145A 20150112 (or higher)

HP LaserJet Pro 400 M401a, d, dn, dne, dw, n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A 20150112 (or higher)

HP LaserJet Pro P1566 Printer CE663A, CE749A 20150116 (or higher)

HP LaserJet Pro 300 Color MFP M375nw CE903A 20150126 (or higher)

HP LaserJet Pro 400 Color MFP M475dn, dw CE863A, CE864A 20150126 (or higher)

HP TopShot LaserJet Pro M275 MFP CF040A 20150126 (or higher)

HP LaserJet 300 color M351a CE955A 20150126 (or higher)

HP LaserJet 400 color M451dn, dw, nw CE956A, CE957A, CE958A 20150126 (or higher)

HP LaserJet Pro MFP M125a CZ172A 20150214 (or higher)

HP LaserJet Pro MFP M126a CZ174A 20150215 (or higher)

HP LaserJet Pro MFP M125nw CZ173A 20150228 (or higher)

HP LaserJet Pro MFP M126nw CZ175A 20150228 (or higher)

HP LaserJet Pro MFP M127fn, fw CZ181A, CZ183A 20150228 (or higher)

HP LaserJet Pro MFP M128fn, fp, fw CZ184A, CZ185A, CZ186A 20150228 (or higher)

HP Color LaserJet Pro MFP M176n, fw CF547A, CZ165A 20150228 (or higher)

HP LaserJet Pro P1102, w CE651A, CE657A 20150313 (or higher)

HP LaserJet Pro P1106 CE653A 20150313 (or higher)

HP LaserJet Pro P1108 CE655A 20150313 (or higher)

LaserJet Pro M435nw MFP A3E42A 20150316 (or higher)

HP LaserJet Pro M701a, n B6S00A, B6S01A 20150316 (or higher)

HP LaserJet Pro M706n B6S02A 20150316 (or higher)

HP LaserJet Professional M1212nf MFP CE841A 20150405 (or higher)

HP LaserJet Professional M1213nf MFP CE845A 20150405 (or higher)

HP LaserJet Professional M1214nfh MFP CE843A 20150405 (or higher)

HP LaserJet Professional M1216nfh MFP CE842A 20150405 (or higher)

HP LaserJet Professional M1217nfw MFP CE844A 20150405 (or higher)

HP HotSpot LaserJet Pro M1218nfs MFP B4K88A 20150405 (or higher)

HP LaserJet Professional M1219nf MFP CE846A 20150405 (or higher)

HP LaserJet Pro CP1025, nw CE913A, CE914A, CF346A, CF346A 20150413 (or higher)

HP Officejet Pro X451dn Printer CN459A BNP1CN1502AR (or higher)

HP Officejet Pro X451dw Printer CN463A BWP1CN1502AR (or higher)

HP Officejet Pro X551dw Printer CV037A BZP1CN1502AR (or higher)

HP Officejet Pro X476dn MFP CN460A LNP1CN1502BR (or higher)

HP Officejet Pro X476dw MFP CN461A LWP1CN1502BR (or higher)

HP Officejet Pro X576dw MFP CN598A LZP1CN1502BR (or higher)

HP Officejet Pro 276dw MFP CR770A FRP1CN1517AR (or higher)

HP Officejet Pro 8610/15/16 e-All-in-One Printer A7F64A, D7Z36A, J5T77A FDP1CN1502AR (or higher)

HP Officejet Pro 8620/25 e-All-in-One Printer A7F65A, D7Z37A FDP1CN1502AR (or higher)

HP Officejet Pro 8630 e-All-in-One Printer A7F66A FDP1CN1502AR (or higher)

HP Jetdirect 620n EIO Card J7934G V29.26 (or higher)

HP Jetdirect ew2500 802.11b/g Wireless Print Server J8021A V41.16 (or higher)

HP Jetdirect 690n EIO Card J8007A V41.16 (or higher)

HP Jetdirect 635n EIO Card J7961G V41.16 (or higher)

HP Jetdirect 695n EIO Card J8024A V41.16 (or higher)

HP Jetdirect 640n EIO Card J8025A V45.35 (or higher)

HISTORY Version:1 (rev.1) - 26 June 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1418",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.6"
      },
      {
        "model": "enterprise linux server supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.0.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.5"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.5"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "enterprise linux desktop supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.1.4"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1.4"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.1.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "9.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "mageia",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mageia",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8z"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.3"
      },
      {
        "model": "enterprise linux server supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.2.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "21"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "suse linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "enterprise linux workstation supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1.5"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.4"
      },
      {
        "model": "mageia",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mageia",
        "version": "4.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1.1"
      },
      {
        "model": "suse linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "6.1.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "enterprise linux server supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.1.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "enterprise linux workstation supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop supplementary",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "5.2.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "db": "PACKETSTORM",
        "id": "132469"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3566",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-71506",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3566",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71506",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-4 OS X Server v3.2.2\n\nOS X Server v3.2.2 is now available and addresses the following:\n\nServer\nAvailable for:  OS X Mavericks v10.9.5 or later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\n\nOS X Server v3.2.2 may be obtained from the Mac App Store. \nHP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before\nv9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2,\nRedhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================\nUbuntu Security Notice USN-2486-1\nJanuary 27, 2015\n\nopenjdk-6 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. \n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could exploit these to expose sensitive\ndata over the network. An attacker could exploit this to\nexpose sensitive data over the network. (CVE-2014-6593)\n\nA vulnerability was discovered in the OpenJDK JRE related to integrity and\navailability. \n(CVE-2015-0383)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \n(CVE-2015-0410)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  icedtea-6-jre-cacao             6b34-1.13.6-1ubuntu0.12.04.1\n  icedtea-6-jre-jamvm             6b34-1.13.6-1ubuntu0.12.04.1\n  openjdk-6-jre                   6b34-1.13.6-1ubuntu0.12.04.1\n  openjdk-6-jre-headless          6b34-1.13.6-1ubuntu0.12.04.1\n  openjdk-6-jre-lib               6b34-1.13.6-1ubuntu0.12.04.1\n  openjdk-6-jre-zero              6b34-1.13.6-1ubuntu0.12.04.1\n\nUbuntu 10.04 LTS:\n  icedtea-6-jre-cacao             6b34-1.13.6-1ubuntu0.10.04.1\n  openjdk-6-jre                   6b34-1.13.6-1ubuntu0.10.04.1\n  openjdk-6-jre-headless          6b34-1.13.6-1ubuntu0.10.04.1\n  openjdk-6-jre-lib               6b34-1.13.6-1ubuntu0.10.04.1\n  openjdk-6-jre-zero              6b34-1.13.6-1ubuntu0.10.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any Java\napplications or applets to make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2486-1\n  CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,\n  CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,\n  CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,\n  CVE-2015-0412\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1\n  https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1\n. A second vulnerability could be exploited remotely\nto cause a Denial of Service (DoS). \n\nContact vcemsdksupportteam@hp.com to request the HP Virtual Connect\nEnterprise Manager SDK v7.4.1 or later. The\nvulnerabilities may lead to remote disclosure of information. \n\nThe update is available from HPE Software Depot: https://h20392.www2.hpe.com/\nportal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com\n\nNote: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade\nto OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported\nthrough March 28, 2016. \n\nSSLv3 is enabled by default in all version 5 HP Insight Remote Support\nClients. HP recommends that customers, if possible, should\nmigrate to Insight Remote Support Version 7.2 which has been updated with a\npreliminary resolution to the vulnerability. This bulletin will be revised\nwhen the final resolution update is available. \n\n  Please refer to the following Insight Remote Support Version 7.2 documents\nfor recommendations on migrating to Insight Remote Support Version 7.2:\n\n    http://www.hp.com/go/insightremotesupport/docs\n\n    HP Insight Remote Support 7.2 Upgrade Guide\n    HP Insight Remote Support 7.2 Release Notes\n\nHISTORY\nVersion:1 (rev.1) - 5 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-14:23.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-10-21\nAffects:        All supported versions of FreeBSD. \nCorrected:      2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n                2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n                2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name:       CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak.  [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak.  [CVE-2014-3567].  This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. \n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r273151\nreleng/8.4/                                                       r273416\nstable/9/                                                         r273151\nreleng/9.1/                                                       r273415\nreleng/9.2/                                                       r273415\nreleng/9.3/                                                       r273415\nstable/10/                                                        r273149\nreleng/10.0/                                                      r273415\nreleng/10.1/                                                      r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08\nEp35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+\nRQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T\nNn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu\nzWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G\nLk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG\no631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx\n9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0\nnKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh\n89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk\nov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU\ncZ84y1sCp0qHtTqKuak9\n=ywze\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04720842\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04720842\nVersion: 1\n\nHPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and\nMFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-06-26\nLast Updated: 2015-06-26\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP\nLaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and\ncertain HP JetDirect Networking cards using OpenSSL. This is the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3566 (SSRT101114)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHP has provided firmware updates for impacted printers as in the table below. \nTo obtain the updated firmware, go to www.hp.com and follow these steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n 2305081_000127 (or higher)\n\nHP Color LaserJet Enterprise M552\n B5L23A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M553\n B5L24A, B5L25A, B5L26A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M651\n CZ255A, CZ256A, CZ257A, CZ258A\n 2305076_518492 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n 2305081_000144 (or higher)\n\nHP Color LaserJet M680\n CZ250A, CA251A\n 2305076_518489 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise 600 M601\n CE989A, CE990A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M602\n CE991A, CE992A, CE993A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M603xh\n CE994A, CE995A, CE996A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 700 color MFP M775 series\n CC522A, CC523A, CC524A\n 2305076_518498 (or higher)\n\nHP LaserJet Enterprise 700 M712xh\n CF235A, CF236A, CF238A\n 2305083_000196 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n 2305076_518493 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n 2305076_518488 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n 2305083_000200 (or higher)\n\nHP LaserJet Enterprise Color flow MFP M575c\n CD646A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n 2305076_518490 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise Flow MFP M630z\n B3G85A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE503A, CE504A, CE738A\n 2305083_000222 (or higher)\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n 2305083_000206 (or higher)\n\nHP LaserJet Enterprise M604\n E6B67A, E6B68A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M605\n E6B69A, E6B70A. E6B71A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M606\n E6B72A, E6B73A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n 2305081_000143 (or higher)\n\nHP LaserJet Enterprise MFP M630\n J7X28A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n 2305076_518496 (or higher)\n\nHP Scanjet Enterprise 8500FN1 Document Capture Workstation\n L2717A\n 2305076_518479 (or higher)\n\nHP OfficeJet Enterprise Color X555\n C2S11A, C2S12A\n 2305076_518491 (or higher)\n\nHP OfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n 2305076_518486 (or higher)\n\nHP LaserJet P3005\n Q7812A\n 02.190.3 (or higher)\n\nHP Color LaserJet CP3505\n CB442A\n 03.160.2 (or higher)\n\nHP LaserJet 5200L\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 5200N\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 4240\n Q7785A\n 08.250.2 (or higher)\n\nHP LaserJet 4250\n Q5400A\n 08.250.2 (or higher)\n\nHP LaserJet 4350\n Q5407A\n 08.250.2 (or higher)\n\nHP LaserJet 9040\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9050\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9040 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP LaserJet 9050 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP 9200c Digital Sender\n Q5916A\n 09.271.3 (or higher)\n\nHP LaserJet 4345 Multifunction Printer\n Q3942A\n 09.310.2 (or higher)\n\nHP LaserJet P2055 Printer\n CE456A, CE457A, CE459A, CE460A,\n 20141201 (or higher)\n\nHP Color LaserJet 3000\n Q7534A\n 46.080.2 (or higher)\n\nHP Color LaserJet 3800\n Q5981A\n 46.080.8 (or higher)\n\nHP Color LaserJet 4700\n Q7492A\n 46.230.6 (or higher)\n\nHP Color LaserJet CP4005\n CB503A\n 46.230.6 (or higher)\n\nHP Color LaserJet 4730 Multifunction Printer\n Q7517A\n 46.380.3 (or higher)\n\nHP LaserJet Pro 200 color Printer M251n, nw\n CF146A, CF147A\n 20150112 (or higher)\n\nHP LaserJet Pro 500 color MFP M570dn, dw\n CZ271A, CZ272A\n 20150112 (or higher)\n\nHP LaserJet Pro M521dn, dw MFP\n A8P79A, A8P80A\n 20150112 (or higher)\n\nHP Color LaserJet Pro MFP M476dn, dw, nw\n CF385A, CF386A, CF387A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 MFP M425dn, dw\n CF286A, CF28A\n 20150112 (or higher)\n\nHP LaserJet Pro 200 color MFP M276n, nw\n CF144A, CF145A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 M401a, d, dn, dne, dw, n\n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A\n 20150112 (or higher)\n\nHP LaserJet Pro P1566 Printer\n CE663A, CE749A\n 20150116 (or higher)\n\nHP LaserJet Pro 300 Color MFP M375nw\n CE903A\n 20150126 (or higher)\n\nHP LaserJet Pro 400 Color MFP M475dn, dw\n CE863A, CE864A\n 20150126 (or higher)\n\nHP TopShot LaserJet Pro M275 MFP\n CF040A\n 20150126 (or higher)\n\nHP LaserJet 300 color M351a\n CE955A\n 20150126 (or higher)\n\nHP LaserJet 400 color M451dn, dw, nw\n CE956A, CE957A, CE958A\n 20150126 (or higher)\n\nHP LaserJet Pro MFP M125a\n CZ172A\n 20150214 (or higher)\n\nHP LaserJet Pro MFP M126a\n CZ174A\n 20150215 (or higher)\n\nHP LaserJet Pro MFP M125nw\n CZ173A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M126nw\n CZ175A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M127fn, fw\n CZ181A, CZ183A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M128fn, fp, fw\n CZ184A, CZ185A, CZ186A\n 20150228 (or higher)\n\nHP Color LaserJet Pro MFP M176n, fw\n CF547A, CZ165A\n 20150228 (or higher)\n\nHP LaserJet Pro P1102, w\n CE651A, CE657A\n 20150313 (or higher)\n\nHP LaserJet Pro P1106\n CE653A\n 20150313 (or higher)\n\nHP LaserJet Pro P1108\n CE655A\n 20150313 (or higher)\n\nLaserJet Pro M435nw MFP\n A3E42A\n 20150316 (or higher)\n\nHP LaserJet Pro M701a, n\n B6S00A, B6S01A\n 20150316 (or higher)\n\nHP LaserJet Pro M706n\n B6S02A\n 20150316 (or higher)\n\nHP LaserJet Professional M1212nf MFP\n CE841A\n 20150405 (or higher)\n\nHP LaserJet Professional M1213nf MFP\n CE845A\n 20150405 (or higher)\n\nHP LaserJet Professional M1214nfh MFP\n CE843A\n 20150405 (or higher)\n\nHP LaserJet Professional M1216nfh MFP\n CE842A\n 20150405 (or higher)\n\nHP LaserJet Professional M1217nfw MFP\n CE844A\n 20150405 (or higher)\n\nHP HotSpot LaserJet Pro M1218nfs MFP\n B4K88A\n 20150405 (or higher)\n\nHP LaserJet Professional M1219nf MFP\n CE846A\n 20150405 (or higher)\n\nHP LaserJet Pro CP1025, nw\n CE913A, CE914A, CF346A, CF346A\n 20150413 (or higher)\n\nHP Officejet Pro X451dn Printer\n CN459A\n BNP1CN1502AR (or higher)\n\nHP Officejet Pro X451dw Printer\n CN463A\n BWP1CN1502AR (or higher)\n\nHP Officejet Pro X551dw Printer\n CV037A\n BZP1CN1502AR (or higher)\n\nHP Officejet Pro X476dn MFP\n CN460A\n LNP1CN1502BR (or higher)\n\nHP Officejet Pro X476dw MFP\n CN461A\n LWP1CN1502BR (or higher)\n\nHP Officejet Pro X576dw MFP\n CN598A\n LZP1CN1502BR (or higher)\n\nHP Officejet Pro 276dw MFP\n CR770A\n FRP1CN1517AR (or higher)\n\nHP Officejet Pro 8610/15/16 e-All-in-One Printer\n A7F64A, D7Z36A, J5T77A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8620/25 e-All-in-One Printer\n A7F65A, D7Z37A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8630 e-All-in-One Printer\n A7F66A\n FDP1CN1502AR (or higher)\n\nHP Jetdirect 620n EIO Card\n J7934G\n V29.26 (or higher)\n\nHP Jetdirect ew2500 802.11b/g Wireless Print Server\n J8021A\n V41.16 (or higher)\n\nHP Jetdirect 690n EIO Card\n J8007A\n V41.16 (or higher)\n\nHP Jetdirect 635n EIO Card\n J7961G\n V41.16 (or higher)\n\nHP Jetdirect 695n EIO Card\n J8024A\n V41.16 (or higher)\n\nHP Jetdirect 640n EIO Card\n J8025A\n V45.35 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 26 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "PACKETSTORM",
        "id": "128732"
      },
      {
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "130125"
      },
      {
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "PACKETSTORM",
        "id": "132469"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-71506",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3566",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-058-02",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61130",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61995",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60792",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61019",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61316",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61827",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61782",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60056",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61810",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61825",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60206",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61303",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61359",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61345",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60859",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61926",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031120",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031106",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031124",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031091",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031095",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031088",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031093",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031105",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031094",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031087",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031090",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031107",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031132",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031085",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031039",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031096",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031131",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031029",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031123",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031086",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031130",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031092",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031089",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA14-290A",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10104",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10090",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#577193",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10705",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70574",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132469",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131011",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130125",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "128732",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "136577",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "129401",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130334",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "133368",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130817",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "129426",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131009",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130184",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131051",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128838",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130296",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129150",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132573",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131354",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128969",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128669",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128866",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136599",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133640",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129263",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128921",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130759",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129065",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139063",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128863",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130332",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128730",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131690",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128770",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132641",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128733",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130816",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130052",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133836",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129242",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130549",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129427",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131008",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129071",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130046",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135908",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128769",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130141",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132942",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130070",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132965",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130818",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128771",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130050",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133600",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130072",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129120",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-267",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92692",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-71506",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130644",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128808",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "PACKETSTORM",
        "id": "128732"
      },
      {
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "130125"
      },
      {
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "PACKETSTORM",
        "id": "132469"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "id": "VAR-201410-1418",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:21:29.859000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2486-1"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031029"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031039"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031085"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031086"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031087"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031088"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031089"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031090"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031091"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031092"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031093"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031094"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031095"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031096"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031105"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031106"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031107"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031120"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031123"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031124"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031130"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031131"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031132"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60056"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60206"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60792"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60859"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61019"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61130"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61303"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61316"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61345"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61359"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61782"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61810"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61825"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61827"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61926"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61995"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70574"
      },
      {
        "trust": 1.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
      },
      {
        "trust": 1.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533747"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533746"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3144"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3147"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3253"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3489"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201507-14"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201606-11"
      },
      {
        "trust": 1.1,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1653.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1876.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1877.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1880.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1881.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1882.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1920.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1948.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0068.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0079.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0080.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0085.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0086.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0264.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0698.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1545.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1546.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/ncas/alerts/ta14-290a"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2487-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/577193"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.1,
        "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
      },
      {
        "trust": 1.1,
        "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
      },
      {
        "trust": 1.1,
        "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
      },
      {
        "trust": 1.1,
        "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
      },
      {
        "trust": 1.1,
        "url": "http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2014-011.html"
      },
      {
        "trust": 1.1,
        "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
      },
      {
        "trust": 1.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034"
      },
      {
        "trust": 1.1,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/ht204244"
      },
      {
        "trust": 1.1,
        "url": "http://support.citrix.com/article/ctx200238"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2015-0003.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.1,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/articles/1232123"
      },
      {
        "trust": 1.1,
        "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa83"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
      },
      {
        "trust": 1.1,
        "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/mpgn/poodle-poc"
      },
      {
        "trust": 1.1,
        "url": "https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
      },
      {
        "trust": 1.1,
        "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6527"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6529"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6531"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6535"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6536"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6541"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6542"
      },
      {
        "trust": 1.1,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/product_security/poodle"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/us/en/product_security/poodle"
      },
      {
        "trust": 1.1,
        "url": "https://technet.microsoft.com/library/security/3009008.aspx"
      },
      {
        "trust": 1.1,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
      },
      {
        "trust": 1.1,
        "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.elastic.co/blog/logstash-1-4-3-released"
      },
      {
        "trust": 1.1,
        "url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://www.suse.com/support/kb/doc.php?id=7015773"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10090"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10104"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.8,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.7,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141577350823734\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141576815022399\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141620103726640\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141697638231025\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141703183219781\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141697676231104\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141775427104070\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141814011518700\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141715130023061\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141813976718456\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142118135300698\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142296755107581\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142354438527235\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350743917559\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350196615714\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350298616097\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142357976805598\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142962817202793\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290371927178\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144294141001552\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145983526810210\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141450973807288\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142721887231400\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142804214608580\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141450452204552\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141628688425177\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141577087123040\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141694355519663\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141879378918327\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290583027876\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143628269912142\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143039249603103\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142495837901899\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290522027658\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624719706349\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290437727362\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624590206005\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624679706236\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142740155824959\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142721830231196\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142791032306609\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144101915224472\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558137709884\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558192010071\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142805027510172\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142546741516006\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144251162130364\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=141477196830952\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143101048219218\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142496355704097\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142607790919348\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=openssl-dev\u0026amp;m=141333049205629\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10090"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10091"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10104"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5263732\u0026swlango"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5331223\u0026swlango"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6585"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6587"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0408"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0400"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0383"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6593"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0410"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hpe.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightremotesupport/docs"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "PACKETSTORM",
        "id": "128732"
      },
      {
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "130125"
      },
      {
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "PACKETSTORM",
        "id": "132469"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "db": "PACKETSTORM",
        "id": "128732"
      },
      {
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "130125"
      },
      {
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "PACKETSTORM",
        "id": "132469"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "date": "2014-10-17T15:10:30",
        "db": "PACKETSTORM",
        "id": "128732"
      },
      {
        "date": "2014-12-09T23:13:22",
        "db": "PACKETSTORM",
        "id": "129426"
      },
      {
        "date": "2015-08-28T19:02:22",
        "db": "PACKETSTORM",
        "id": "133368"
      },
      {
        "date": "2015-03-05T14:44:00",
        "db": "PACKETSTORM",
        "id": "130644"
      },
      {
        "date": "2015-03-25T00:41:42",
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "date": "2015-01-28T00:26:54",
        "db": "PACKETSTORM",
        "id": "130125"
      },
      {
        "date": "2015-02-10T17:43:07",
        "db": "PACKETSTORM",
        "id": "130334"
      },
      {
        "date": "2015-03-13T17:11:14",
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "date": "2016-04-06T13:28:14",
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "date": "2014-12-05T15:08:08",
        "db": "PACKETSTORM",
        "id": "129401"
      },
      {
        "date": "2014-10-22T19:54:29",
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "date": "2015-06-29T15:36:03",
        "db": "PACKETSTORM",
        "id": "132469"
      },
      {
        "date": "2014-10-15T00:55:02.137000",
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71506"
      },
      {
        "date": "2023-09-12T14:55:31.563000",
        "db": "NVD",
        "id": "CVE-2014-3566"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136577"
      },
      {
        "db": "PACKETSTORM",
        "id": "129401"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Security Advisory 2014-10-16-4",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128732"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "info disclosure",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130125"
      }
    ],
    "trust": 0.1
  }
}

var-201605-0079
Vulnerability from variot

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2016-2105 - Remote Denial of Service (DoS)
  • CVE-2016-2106 - Remote Denial of Service (DoS)
  • CVE-2016-2107 - Remote disclosure of sensitive information
  • CVE-2016-2108 - Remote Denial of Service (DoS)
  • CVE-2016-2109 - Remote Denial of Service (DoS)
  • CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 10500 (Comware 7) - Version: R7184
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5900/5920 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR1000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR2000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR3000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR4000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • VSR (Comware 7) - Version: E0324
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7900 (Comware 7) - Version: R2152
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130 (Comware 7) - Version: R3115
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6125XLG - Version: R2422P02
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6127XLG - Version: R2422P02
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • Moonshot - Version: R2432
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5700 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5930 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 1950 (Comware 7) - Version: R3115
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7500 (Comware 7) - Version: R7184
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5510HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5940 - Version: R2509
    • HP Network Products
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5950 - Version: R6123
    • HP Network Products
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch
  • 12900E (Comware 7) - Version: R2609
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

iMC Products

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176
  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE) 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2) 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16) 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33) 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE) 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41) CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. Problem Description

The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107]

An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105]

An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2109]

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected.

III. [CVE-2016-2109] TLS applications are not affected.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.x]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz

Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Then, reboot the machine or restart any network services that use OpenSSL.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

  • Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data
being returned in the buffer.

Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1.

We recommend that you upgrade your openssl packages.

References:

  • CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
  • CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
  • CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
  • CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
  • CVE-2016-3739 - cURL and libcurl, Remote code execution
  • CVE-2016-5388 - "HTTPoxy", Apache Tomcat
  • CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
  • CVE-2016-5385 - "HTTPoxy", PHP
  • CVE-2016-4543 - PHP, multiple impact
  • CVE-2016-4071 - PHP, multiple impact
  • CVE-2016-4072 - PHP, multiple impact
  • CVE-2016-4542 - PHP, multiple impact
  • CVE-2016-4541 - PHP, multiple impact
  • CVE-2016-4540 - PHP, multiple impact
  • CVE-2016-4539 - PHP, multiple impact
  • CVE-2016-4538 - PHP, multiple impact
  • CVE-2016-4537 - PHP, multiple impact
  • CVE-2016-4343 - PHP, multiple impact
  • CVE-2016-4342 - PHP, multiple impact
  • CVE-2016-4070 - PHP, Denial of Service (DoS)
  • CVE-2016-4393 - PSRT110263, XSS vulnerability
  • CVE-2016-4394 - PSRT110263, HSTS vulnerability
  • CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
  • CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
  • PSRT110145
  • PSRT110263
  • PSRT110115
  • PSRT110116

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

6

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0079",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.6.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.7.0"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.3"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "bm security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "meetingplace",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "mq appliance m2001",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "mq appliance m2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.4"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Carpenter",
    "sources": [
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2109",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2109",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2109",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2109",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-083",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2109",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nCorrected:      2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)\n                2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)\n                2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)\n                2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)\n                2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)\n                2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)\nCVE Name:       CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,\n                CVE-2016-2176\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII.  Problem Description\n\nThe padding check in AES-NI CBC MAC was rewritten to be in constant time\nby making sure that always the same bytes are read and compared against\neither the MAC or padding bytes. But it no longer checked that there was\nenough data to have both the MAC and padding bytes. [CVE-2016-2107]\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. [CVE-2016-2105]\n\nAn overflow can occur in the EVP_EncryptUpdate() function, however it is\nbelieved that there can be no overflows in internal code due to this problem. \n[CVE-2016-2109]\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176]\nFreeBSD does not run on any EBCDIC systems and therefore is not affected. \n\nIII. [CVE-2016-2109]  TLS applications are not affected. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r299053\nreleng/9.3/                                                       r299068\nstable/10/                                                        r298999\nreleng/10.1/                                                      r299068\nreleng/10.2/                                                      r299067\nreleng/10.3/                                                      r299066\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4  openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed  openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951  openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd  openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f  openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7  openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b  openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06  openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea  a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f  n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb  a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab  n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0996-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date:        2016-05-10\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. \n    This could lead to a heap corruption. \n\nCVE-2016-2108\n\n    David Benjamin from Google discovered that two separate bugs in the\n    ASN.1 encoder, related to handling of negative zero integer values\n    and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data\n    being returned in the buffer. \n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. \n\nWe recommend that you upgrade your openssl packages. \n\nReferences:\n\n  - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n  - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-3739 - cURL and libcurl, Remote code execution\n  - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n  - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n  - CVE-2016-5385 - \"HTTPoxy\", PHP \n  - CVE-2016-4543 - PHP, multiple impact\n  - CVE-2016-4071 - PHP, multiple impact\n  - CVE-2016-4072 - PHP, multiple impact\n  - CVE-2016-4542 - PHP, multiple impact\n  - CVE-2016-4541 - PHP, multiple impact\n  - CVE-2016-4540 - PHP, multiple impact\n  - CVE-2016-4539 - PHP, multiple impact\n  - CVE-2016-4538 - PHP, multiple impact\n  - CVE-2016-4537 - PHP, multiple impact\n  - CVE-2016-4343 - PHP, multiple impact\n  - CVE-2016-4342 - PHP, multiple impact\n  - CVE-2016-4070 - PHP, Denial of Service (DoS)\n  - CVE-2016-4393 - PSRT110263, XSS vulnerability\n  - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n  - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n  - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n  - PSRT110145\n  - PSRT110263\n  - PSRT110115\n  - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "87940",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2109",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136919",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "id": "VAR-201605-0079",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43052093714285716
  },
  "last_update_date": "2024-07-23T20:50:53.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "HPSBMU03691",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Harden ASN.1 BIO handling of large amounts of data.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "title": "ASN.1 BIO excessive memory allocation (CVE-2016-2109)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Oracle Linux Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "RHSA-2016:0722",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "title": "RHSA-2016:0996",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "OpenSSL ASN.1 BIO Fixes to implement a denial of service vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61408"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2109",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2109"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-695",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c840629bfabaea20b649ca3c4988587"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2109 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/87940"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/2017-07-01"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2109"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330101"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/?p=openssl.git;a=commitdiff;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:2073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2959-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160503.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:17.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "date": "2016-04-26T00:00:00",
        "db": "BID",
        "id": "87940"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-05-05T16:11:49",
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-05-04T14:53:10",
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "date": "2016-05-10T17:01:56",
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "date": "2016-05-03T22:55:47",
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "date": "2016-10-27T19:22:00",
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "date": "2017-07-26T17:44:00",
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "date": "2016-05-05T01:59:05.357000",
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "87940"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "date": "2023-11-07T02:30:56.300000",
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ASN.1 BIO Implementation of  crypto/asn1/a_d2i_fp.c of  asn1_d2i_read_bio Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.6
  }
}

var-201011-0251
Vulnerability from variot

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a heap-based buffer-overflow vulnerability because the library fails to properly perform bounds-checks on user-supplied input before copying it to an insufficiently sized memory buffer. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. OpenSSL 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a are vulnerable. NOTE: This issue affects servers which are multi-threaded and use OpenSSL's internal caching mechanism. Multi-processed servers or servers with disabled internal caching (like Apache HTTP server and Stunnel) are not affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384

  1. Summary

Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.

  1. Relevant releases

vCenter Server 4.1 without Update 1,

vCenter Update Manager 4.1 without Update 1,

ESXi 4.1 without patch ESXi410-201101201-SG,

ESX 4.1 without patch ESX410-201101201-SG.

  1. Problem Description

a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3

Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.

Customers using other database solutions need not update for
these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected
  • Hosted products are VMware Workstation, Player, ACE, Fusion.

b. vCenter Apache Tomcat Management Application Credential Disclosure

The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.

The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.

If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.

VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not affected
VirtualCenter  2.5       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected
  • hosted products are VMware Workstation, Player, ACE, Fusion.

c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21

Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not applicable **
VirtualCenter  2.5       Windows  not applicable **

Update Manager 4.1       Windows  not applicable **
Update Manager 4.0       Windows  not applicable **
Update Manager 1.0       Windows  not applicable **


hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not applicable **
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family

d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26

Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  not applicable **
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      not applicable **
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, no patch planned
ESX            3.0.3     ESX      affected, no patch planned
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family

e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28

Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  not applicable **

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **
  • hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family

f. vCenter Server third party component OpenSSL updated to version 0.9.8n

The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

hosted *       any       any      not applicable

ESXi           any       ESXi     not applicable

ESX            any       ESX      not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESX third party component OpenSSL updated to version 0.9.8p

The version of the ESX OpenSSL library is updated to 0.9.8p.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not applicable

hosted *       any       any      not applicable
ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      affected, patch pending
  • hosted products are VMware Workstation, Player, ACE, Fusion.

h. ESXi third party component cURL updated

The version of cURL library in ESXi is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            any       ESX      not applicable
  • hosted products are VMware Workstation, Player, ACE, Fusion.

i. ESX third party component pam_krb5 updated

The version of pam_krb5 library is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not affected
ESX            3.5       ESX      not affected
ESX            3.0.3     ESX      not affected
  • hosted products are VMware Workstation, Player, ACE, Fusion.

j. ESX third party update for Service Console kernel

The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.

Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

  • hosted products are VMware Workstation, Player, ACE, Fusion.

  • Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware vCenter Server 4.1 Update 1 and modules

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0

File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi 4.1 Installable Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919

File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488

VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG.

ESX 4.1 Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353

ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798

Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922

VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330

ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.

To install an individual bulletin use esxupdate with the -b option.

  1. References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574

  1. Change log

2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10.

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)

iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824483 Version: 1

HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.

References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01

Synopsis

Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0e >= 1.0.0e

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

References

[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-2125-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 22, 2010 http://www.debian.org/security/faq

Package : openssl Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian Bug : 603709 CVE Id(s) : CVE-2010-3864

A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack.

This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted.

A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems.

For the stable distribution (lenny), the problem has been fixed in openssl version 0.9.8g-15+lenny9.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.9.8o-3.

We recommend that you upgrade your openssl packages.

Upgrade instructions

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc Size/MD5 checksum: 1973 1efb69f23999507bf2e74f5b848744af http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz Size/MD5 checksum: 60451 9aba44ed40b0c9c8ec82bd6cd33c44b8

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2583248 3b3f0cbec4ec28eb310466237648db8f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 1028998 79fe8cdd601aecd9f956033a04fb8da5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb Size/MD5 checksum: 722114 a388304bf86381229c306e79a5e85bf8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 4369318 c3cf8c7ec27f86563c34f45e986e17c4

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 975850 778916e8b0df8e216121cd5185d7ca43 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb Size/MD5 checksum: 638414 9ea111d66ac5f394d35fb69defa5dd27 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1627632 9f08e1da5cf9279cee4700e89dc6ee6d http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1043320 9ada82a7417c0d714a38c3a7184c2401

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb Size/MD5 checksum: 536038 a9c90bb3ad326fa43c1285c1768df046 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 2087048 bded4e624fcf0791ae0885aa18d99123 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1028894 20784774078f02ef7e9db2ddbd7d5548 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1490666 700c80efddb108b3e2a65373cc10dcc8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 844426 4cad5651a6d37ab19fb80b05a423598d

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1029206 6c6c35731ecacfc0280520097ee183d4 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb Size/MD5 checksum: 540780 3b9ab48015bbd4dfc1ab205b42f1113d http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 2100958 fbf2c222a504e09e30f73cb0740a73a5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 850286 3e656a0805eb31600f8e3e520a2a6e36

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 2268562 8cb4805915dfde8326fde4281c9aaa76 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 969104 805c95116706c82051a5d08efce729e5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1047026 2e06d411c0a8764db3504638d3b59ef9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1528456 de6a4129635ee4565696198ce3423674 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb Size/MD5 checksum: 634504 bab8594389626190b71ee97bfb46fa71

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2108452 d75ba6c13fc77dd3eefddde480a05231 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 5393290 14bf0f44b8c802e47834234be834d80b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2977384 bf4c26767b006694843d036ebdca132a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb Size/MD5 checksum: 591782 bf5007e22e4bd31445458a5379086103 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 1035868 64085f2b106009533bda0309f08548af

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 2666530 42cdae406ce22e3e538f0d744f043a39 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1465582 33c84255a9515a9a528cbf3df9398ef5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb Size/MD5 checksum: 865352 9cbc10e393eb3d30d34ea384c6f1f9f5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1105090 cc7485d310d4770c2b1e93c6d74dcc2b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1280654 fde186a4983ac6cafcd3d5ec7e1d6f98

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1025868 8b7f565c4c0a15b15f20f2e074bb503a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 900162 391ac436c8d7ed7b55a8ea9e90c7d8be http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 2307960 227ac5c7b409d061222b94bc40e8cd18 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1622826 8a4f73d6cd497076490404a2dade26ba http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb Size/MD5 checksum: 585108 d8447df55a530959b6cd9d5d3039c0da

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1012186 4a154b5c4d864f7dcd0bf019dfb41c5d http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1588308 1222eb6b1870602335ef0722b7047b6a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb Size/MD5 checksum: 572370 a2535f616be099e9361a55637c3375d3 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 2295070 7446121759684083870d5ae0d26969c0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 885668 3745e7c578002628f78f02bd5afeb84f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1643808 43814c865d098046bc1dca1920820354 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1047060 5c45e5a5d02f856cb9dc29029d0b5557 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb Size/MD5 checksum: 656166 309fdeebe15bbecbe8c55dbd5ddbdd3a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 997540 f4bf73493f3964b8a23bdd424694f079 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 2251238 35f6f59b07e57eb538da19545a733d5f

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb Size/MD5 checksum: 693040 26cab41169c6b8f64ce7936a2ea65a7b http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1051130 f67b4fd152e1175f81022ffd345d6c78 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 2231782 c7796fff8c97bbf0c5ab69440cbd50f9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1602496 a9595ac98fc11015dd4bb2634416197b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1024562 ff293933ef4eb5e952659fe7caf82c8b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2290536 e5c655fbcc524fe7bb56945cc8b2f5d1 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2146488 d0c17736c2b26a97491e34321ffff3f5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb Size/MD5 checksum: 580510 28ab74855c8a34bb002b44fd7ecb8997 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 1043044 d78ffaf44d1177b05fa0cfb02d76128a

These files will probably be moved into the stable distribution on its next update.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt

Updated Packages:

Mandriva Linux 2009.0: b32e4b6e6b901d72fe4aa24bd0f41f9b 2009.0/i586/libopenssl0.9.8-0.9.8h-3.8mdv2009.0.i586.rpm f55512826ad63a1c9c4b60fad54292ac 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdv2009.0.i586.rpm eb005af48a71b807ef387f4c54eedd6f 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.i586.rpm ed01c1d0ea3fdecc8ba3331541d18d9a 2009.0/i586/openssl-0.9.8h-3.8mdv2009.0.i586.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: 007dedca099e812b7b461e720ef5e6f1 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdv2009.0.x86_64.rpm 293194a028c940a27d11549ef84ff182 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 6b1c8ced8640b51bf25761c127b3ed20 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 76bbe5d36d9887cbc753b267b6d3a608 2009.0/x86_64/openssl-0.9.8h-3.8mdv2009.0.x86_64.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm

Mandriva Linux 2010.0: b92acd82153b8987f0bcdb0e277c6f0e 2010.0/i586/libopenssl0.9.8-0.9.8k-5.3mdv2010.0.i586.rpm d780ab4e0e80a66b105f72e41a4d5b54 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.3mdv2010.0.i586.rpm 8faae39210b0c366f619cdb71b1a7321 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.i586.rpm 2247e3b7bff72998d841d650ba25960a 2010.0/i586/openssl-0.9.8k-5.3mdv2010.0.i586.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: 331d3064412c7b73baed5d54e7262f51 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.3mdv2010.0.x86_64.rpm 2e90f43a521e108a8adbde35a058d7b9 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 7d102f6bf8bb201654aa518e3b73a27f 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 4b7ad813fd5fdd5785bd94eb3a951244 2010.0/x86_64/openssl-0.9.8k-5.3mdv2010.0.x86_64.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm

Mandriva Linux 2010.1: 8310ac6aa860087de6992e618460f279 2010.1/i586/libopenssl1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm 7e7719b1b5c2f91a6eadfab9dd696b8f 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.5mdv2010.1.i586.rpm 5b5aa8939c69c69c2ab49145aca37173 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.i586.rpm 0e6bd59c1d6b2c459acc5c4d0851246a 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm de46046e9b1e033cccd668b32b70972c 2010.1/i586/openssl-1.0.0a-1.5mdv2010.1.i586.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64: c792f3d19c1f9ff50c801feccd600319 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 7f3a6b125fc145e17c140218f3b48a92 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm e5f35fbeadb2f765607325f960de621e 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm 27a8dee6459e0830be1e907f082d25a2 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 4b7863a6c8b883f385613bb7a49af128 2010.1/x86_64/openssl-1.0.0a-1.5mdv2010.1.x86_64.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm

Mandriva Enterprise Server 5: fef62b69a582a93e821a2d802fb4faee mes5/i586/libopenssl0.9.8-0.9.8h-3.8mdvmes5.1.i586.rpm fe3c0cf3596d90cc3be37a944df1753b mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.i586.rpm d5a269adf63ee6d4ce21ea651e208180 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.i586.rpm e410f94c6d8c08270aa1edd5aeb7c177 mes5/i586/openssl-0.9.8h-3.8mdvmes5.1.i586.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64: ebec7b3044ee3b3b0ab6c455741e5782 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdvmes5.1.x86_64.rpm 0c201edd531dd53a541739bf6db7f276 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm 83a690e504f6470ffc4bce428ff09199 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm fcef579e52e20393ffd2bbae00b602a8 mes5/x86_64/openssl-0.9.8h-3.8mdvmes5.1.x86_64.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM49pvmqjQ0CJFipgRAs5xAKDhGJdpzq9ZF6TvhezjZR8zmOQAngCggDa1 vAfiUtuiMqw0BDS3V2tLk/I= =hDGj -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864

Who is affected?

All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.

Patch for OpenSSL 0.9.8 releases

Index: ssl/t1_lib.c

RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.13.2.27 diff -u -r1.13.2.27 t1_lib.c --- ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27 +++ ssl/t1_lib.c 15 Nov 2010 15:20:14 -0000 @@ -432,14 +432,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -452,7 +461,8 @@

                    }
                else
  • s->servername_done = strlen(s->session->tlsext_hostname) == len
  • s->servername_done = s->session->tlsext_hostname
  • && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
                break;

Patch for OpenSSL 1.0.0 releases

Index: ssl/t1_lib.c

RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.64.2.14 diff -u -r1.64.2.14 t1_lib.c --- ssl/t1_lib.c 15 Jun 2010 17:25:15 -0000 1.64.2.14 +++ ssl/t1_lib.c 15 Nov 2010 15:26:19 -0000 @@ -714,14 +714,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -734,7 +743,8 @@

                    }
                else
  • s->servername_done = strlen(s->session->tlsext_hostname) == len
  • s->servername_done = s->session->tlsext_hostname
  • && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
                break;

    @@ -765,15 +775,22 @@ al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s->hit) { - al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ecpointformatlist) + { + al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = 0; + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); sdata = s->session->tlsext_ecpointformatlist; @@ -794,15 +811,22 @@ al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ellipticcurvelist_length = 0; - if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist); - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + if (!s->hit) { - al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ellipticcurvelist) + { + al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = 0; + if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + { + al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; + memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); sdata = s->session->tlsext_ellipticcurvelist;

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20101116.txt

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-10:10.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2010-11-29 Credits: Georgi Guninski, Rob Hulswit Affects: FreeBSD 7.0 and later Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE) 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2) 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6) 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE) 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4) 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16) CVE Name: CVE-2010-2939, CVE-2010-3864

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. The race condition can lead to a buffer overflow. [CVE-2010-3864]

A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]

III. [CVE-2010-3864].

It may be possible to cause a DoS or potentially execute arbitrary in the context of the user connection to a malicious SSL server. [CVE-2010-2939]

IV. Workaround

No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0 and later. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.1, 7.3, 8.0 and 8.1 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 7.x]

fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch

fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc

[FreeBSD 8.x]

fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/secure/lib/libssl

make obj && make depend && make && make install

NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in

3) To update your vulnerable system via a binary patch:

Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

CVS:

Branch Revision Path

RELENG_7_3 src/UPDATING 1.507.2.34.2.6 src/sys/conf/newvers.sh 1.72.2.16.2.8 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.19 src/sys/conf/newvers.sh 1.72.2.9.2.20 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2 RELENG_8_1 src/UPDATING 1.632.2.14.2.5 src/sys/conf/newvers.sh 1.83.2.10.2.6 src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1 src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.9 src/sys/conf/newvers.sh 1.83.2.6.2.9 src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1 src/crypto/openssl/ssl/t1_lib.c 1.2.4.1

Subversion:

Branch/path Revision

stable/7/ r215997 releng/7.3/ r216063 releng/7.1/ r216063 stable/8/ r215912 releng/8.0/ r216063 releng/8.1/ r216063

VII

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0251",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "ace",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "fusion",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "player",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "vcenter",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "3.5.5 before"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "4.0.1 before"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "opensolaris build snv 134",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 41",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.4"
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 131",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 56",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 38",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "opensolaris build snv 126",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8"
      },
      {
        "model": "opensolaris build snv 125",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "esxi server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "opensolaris build snv 133",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 54",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 129",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.1.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0.4"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.20"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "4.0.1"
      },
      {
        "model": "opensolaris build snv 35",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "flash media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "4.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "4.0"
      },
      {
        "model": "opensolaris build snv 134a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "esx server esx410-201101201",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "service health reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "4.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.2"
      },
      {
        "model": "flash media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5300-06"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "4.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "opensolaris build snv 130",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "opensolaris build snv 121",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.3.2.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.12"
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 111a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "service health optimizer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "4.0.2"
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.4"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.21"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5200-10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "opensolaris build snv 98",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "esxi server esxi410-20110120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensolaris build snv 117",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 58",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "opensolaris build snv 111",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.3"
      },
      {
        "model": "opensolaris build snv 151a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "opensolaris build snv 113",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris build snv 124",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 118",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.60.5"
      },
      {
        "model": "stonegate ssl vpn engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "opensolaris build snv 123",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.5"
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 49",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.1.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 114",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "opensolaris build snv 112",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.2"
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.2.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.60"
      },
      {
        "model": "opensolaris build snv 119",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 128",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.1.1"
      },
      {
        "model": "esxi server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "opensolaris build snv 107",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux enterprise sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.1"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "linux enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.4"
      },
      {
        "model": "operations manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.60"
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 110",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "opensolaris build snv 71",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "stonegate ssl vpn engine build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.4.51519"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.11"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.3"
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 108",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.3"
      },
      {
        "model": "opensolaris build snv 28",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.1"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensolaris build snv 132",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "11"
      },
      {
        "model": "opensolaris build snv 48",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 137",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10"
      },
      {
        "model": "operations manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5"
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "opensolaris build snv 37",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "flash media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "3.5.5"
      },
      {
        "model": "opensolaris build snv 122",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 115",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "opensolaris build snv 109",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "esxi server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 74",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 120",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris svn 126",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 51",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 136",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.2"
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.10"
      },
      {
        "model": "performance agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111b",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris snv 111b",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 116",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 127",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.3"
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 135",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "44884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rob Hulswit.",
    "sources": [
      {
        "db": "BID",
        "id": "44884"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3864",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2010-3864",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.9,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-3864",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-3864",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a heap-based buffer-overflow vulnerability because  the library fails to properly perform bounds-checks on user-supplied  input before copying it to an insufficiently sized memory buffer. \nSuccessfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. \nOpenSSL 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a are vulnerable. \nNOTE: This issue affects servers which are multi-threaded and use OpenSSL\u0027s internal caching  mechanism. Multi-processed servers or servers with disabled  internal caching (like Apache HTTP server and Stunnel) are not  affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0003\nSynopsis:          Third party component updates for VMware vCenter\n                   Server, vCenter Update Manager, ESXi and ESX\nIssue date:        2011-02-10\nUpdated on:        2011-02-10 (initial release of advisory)\nCVE numbers:       --- Apache Tomcat ---\n                   CVE-2009-2693 CVE-2009-2901 CVE-2009-2902\n                   CVE-2009-3548 CVE-2010-2227 CVE-2010-1157\n                   --- Apache Tomcat Manager ---\n                   CVE-2010-2928\n                   --- cURL ---\n                   CVE-2010-0734\n                   --- COS Kernel ---\n                   CVE-2010-1084 CVE-2010-2066 CVE-2010-2070\n                   CVE-2010-2226 CVE-2010-2248 CVE-2010-2521\n                   CVE-2010-2524 CVE-2010-0008 CVE-2010-0415\n                   CVE-2010-0437 CVE-2009-4308 CVE-2010-0003\n                   CVE-2010-0007 CVE-2010-0307 CVE-2010-1086\n                   CVE-2010-0410 CVE-2010-0730 CVE-2010-1085\n                   CVE-2010-0291 CVE-2010-0622 CVE-2010-1087\n                   CVE-2010-1173 CVE-2010-1437 CVE-2010-1088\n                   CVE-2010-1187 CVE-2010-1436 CVE-2010-1641\n                   CVE-2010-3081\n                   --- Microsoft SQL Express ---\n                   CVE-2008-5416 CVE-2008-0085 CVE-2008-0086\n                   CVE-2008-0107 CVE-2008-0106\n                   --- OpenSSL ---\n                   CVE-2010-0740 CVE-2010-0433\n                   CVE-2010-3864 CVE-2010-2939\n                   --- Oracle (Sun) JRE ---\n                   CVE-2009-3555 CVE-2010-0082 CVE-2010-0084\n                   CVE-2010-0085 CVE-2010-0087 CVE-2010-0088\n                   CVE-2010-0089 CVE-2010-0090 CVE-2010-0091\n                   CVE-2010-0092 CVE-2010-0093 CVE-2010-0094\n                   CVE-2010-0095 CVE-2010-0837 CVE-2010-0838\n                   CVE-2010-0839 CVE-2010-0840 CVE-2010-0841\n                   CVE-2010-0842 CVE-2010-0843 CVE-2010-0844\n                   CVE-2010-0845 CVE-2010-0846 CVE-2010-0847\n                   CVE-2010-0848 CVE-2010-0849 CVE-2010-0850\n                   CVE-2010-0886 CVE-2010-3556 CVE-2010-3566\n                   CVE-2010-3567 CVE-2010-3550 CVE-2010-3561\n                   CVE-2010-3573 CVE-2010-3565 CVE-2010-3568\n                   CVE-2010-3569 CVE-2010-1321 CVE-2010-3548\n                   CVE-2010-3551 CVE-2010-3562 CVE-2010-3571\n                   CVE-2010-3554 CVE-2010-3559 CVE-2010-3572\n                   CVE-2010-3553 CVE-2010-3549 CVE-2010-3557\n                   CVE-2010-3541 CVE-2010-3574\n                   --- pam_krb5 ---\n                   CVE-2008-3825 CVE-2009-1384\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n   Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. \n\n\n2. Relevant releases\n\n   vCenter Server 4.1 without Update 1,\n\n   vCenter Update Manager 4.1 without Update 1,\n\n   ESXi 4.1 without patch ESXi410-201101201-SG,\n\n   ESX 4.1 without patch ESX410-201101201-SG. \n\n\n3. Problem Description\n\n a. vCenter Server and vCenter Update Manager update Microsoft\n    SQL Server 2005 Express Edition to Service Pack 3\n\n    Microsoft SQL Server 2005 Express Edition (SQL Express)\n    distributed with vCenter Server 4.1 Update 1 and vCenter Update\n    Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2\n    to SQL Express Service Pack 3, to address multiple security\n    issues that exist in the earlier releases of Microsoft SQL Express. \n\n    Customers using other database solutions need not update for\n    these issues. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n    CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n    Express Service Pack 3. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * Hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n    The Apache Tomcat Manager application configuration file contains\n    logon credentials that can be read by unprivileged local users. \n\n    The issue is resolved by removing the Manager application in\n    vCenter 4.1 Update 1. \n\n    If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n    credentials are not present in the configuration file after the\n    update. \n\n    VMware would like to thank Claudio Criscione of Secure Networking\n    for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-2928 to this issue. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not affected\n    VirtualCenter  2.5       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n    1.6.0_21\n\n    Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n    CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n    CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n    CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n    CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n    CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n    CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n    CVE-2010-0850. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following name to the security issue fixed in\n    Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not applicable **\n    VirtualCenter  2.5       Windows  not applicable **\n\n    Update Manager 4.1       Windows  not applicable **\n    Update Manager 4.0       Windows  not applicable **\n    Update Manager 1.0       Windows  not applicable **\n\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not applicable **\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n   1.5.0_26\n\n    Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n    CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n    CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,\n    CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n    CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n    CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n    CVE-2010-3574. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  not applicable **\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      not applicable **\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, no patch planned\n    ESX            3.0.3     ESX      affected, no patch planned\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n    Apache Tomcat updated to version 6.0.28, which addresses multiple\n    security issues that existed in earlier releases of Apache Tomcat\n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n    and CVE-2009-3548. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  not applicable **\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Apache Tomcat 5.5 family\n\n f. vCenter Server third party component OpenSSL updated to version\n    0.9.8n\n\n    The version of the OpenSSL library in vCenter Server is updated to\n    0.9.8n. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n    issues addressed in this version of OpenSSL. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    hosted *       any       any      not applicable\n\n    ESXi           any       ESXi     not applicable\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE,  Fusion. \n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n    The version of the ESX OpenSSL library is updated to 0.9.8p. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n    issues addressed in this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not applicable\n\n    hosted *       any       any      not applicable\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n h. ESXi third party component cURL updated\n\n    The version of cURL library in ESXi is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-0734 to the issues addressed in\n    this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n i. ESX third party component pam_krb5 updated\n\n    The version of pam_krb5 library is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n    issues addressed in the update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not affected\n    ESX            3.5       ESX      not affected\n    ESX            3.0.3     ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n j. ESX third party update for Service Console kernel\n\n    The Service Console kernel is updated to include kernel version\n    2.6.18-194.11.1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n    CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n    CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n    CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n    CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n    CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n    CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n    CVE-2010-3081 to the issues addressed in the update. \n\n    Note: This update also addresses the 64-bit compatibility mode\n    stack pointer underflow issue identified by CVE-2010-3081. This\n    issue was patched in an ESX 4.1 patch prior to the release of\n    ESX 4.1 Update 1. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable\n    ESX            3.0.3     ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. \n\n   VMware vCenter Server 4.1 Update 1 and modules\n   ----------------------------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n   File type: .iso\n   md5sum: 729cf247aa5d33ceec431c86377eee1a\n   sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0\n\n   File type: .zip\n   md5sum: fd1441bef48a153f2807f6823790e2f0\n   sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi 4.1 Installable Update 1\n   -----------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1027919\n\n   File type: .iso\n   MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\n   SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\n   File type: .zip\n   MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\n   SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\n   File type: .zip\n   MD5SUM: 67b924618d196dafaf268a7691bd1a0f\n   SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \t\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\n   File type: .zip\n   MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\n   SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   MD5SUM: dad66fa8ece1dd121c302f45444daa70\n   SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\n   SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi Installable Update 1 contains the following security bulletins:\n   ESXi410-201101201-SG. \n\n   ESX 4.1 Update 1\n   ----------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1029353\n\n   ESX 4.1 Update 1 (DVD ISO)\n   File type: .iso\n   md5sum: b9a275b419a20c7bedf31c0bf64f504e\n   sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\n   File type: .zip\n   md5sum: 2d81a87e994aa2b329036f11d90b4c14\n   sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \t\n\n   Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\n   File type: .zip\n   md5sum: 75f8cebfd55d8a81deb57c27def963c2\n   sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\n   File type: .zip\n   md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\n   sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   md5sum: dad66fa8ece1dd121c302f45444daa70\n   sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESX410-Update01 contains the following security bulletins:\n   ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\n   Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\n   ESX410-201101226-SG (glibc)      | http://kb.vmware.com/kb/1031330\n\n   ESX410-Update01 also contains the following non-security bulletins\n   ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\n   ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\n   ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\n   ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\n   ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\n   ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. \n\n   To install an individual bulletin use esxupdate with the -b option. \n\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-02-10  VMSA-2011-0003\nInitial security advisory in conjunction with the release of vCenter\nServer 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1\nUpdate 1, and ESX 4.1 Update 1 on 2011-02-10. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9\ndxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX\n=2pVj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-0014    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2010-4180    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2010-4252    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2010-3864    (AV:N/AC:H/Au:N/C:C/I:C/A:C)       7.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: October 09, 2011\n     Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n           #354139, #382069\n       ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0e                  \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[  1 ] CVE-2009-3245\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[  2 ] CVE-2009-4355\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[  3 ] CVE-2010-0433\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[  4 ] CVE-2010-0740\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[  5 ] CVE-2010-0742\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[  6 ] CVE-2010-1633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[  7 ] CVE-2010-2939\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[  8 ] CVE-2010-3864\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[  9 ] CVE-2010-4180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2125-1                  security@debian.org\nhttp://www.debian.org/security/                           Stefan Fritsch\nNovember 22, 2010                     http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage        : openssl\nVulnerability  : buffer overflow\nProblem type   : remote\nDebian-specific: no\nDebian Bug     : 603709\nCVE Id(s)      : CVE-2010-3864\n\nA flaw has been found in the OpenSSL TLS server extension code parsing\nwhich on affected servers can be exploited in a buffer overrun attack. \n\nThis upgrade fixes this issue. After the upgrade, any services using the\nopenssl libraries need to be restarted. The checkrestart script from the\ndebian-goodies package or lsof can help to find out which services need\nto be restarted. \n\nA note to users of the tor packages from the Debian backports or Debian\nvolatile: This openssl update causes problems with some versions of tor. \nYou need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2,\nrespectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable\nis not affected by these problems. \n\nFor the stable distribution (lenny), the problem has been fixed in\nopenssl version 0.9.8g-15+lenny9. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.9.8o-3. \n\nWe recommend that you upgrade your openssl packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n    Size/MD5 checksum:  3354792 acf70a16359bf3658bdfb74bda1c4419\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc\n    Size/MD5 checksum:     1973 1efb69f23999507bf2e74f5b848744af\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz\n    Size/MD5 checksum:    60451 9aba44ed40b0c9c8ec82bd6cd33c44b8\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb\n    Size/MD5 checksum:  2583248 3b3f0cbec4ec28eb310466237648db8f\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb\n    Size/MD5 checksum:  1028998 79fe8cdd601aecd9f956033a04fb8da5\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb\n    Size/MD5 checksum:   722114 a388304bf86381229c306e79a5e85bf8\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb\n    Size/MD5 checksum:  2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb\n    Size/MD5 checksum:  4369318 c3cf8c7ec27f86563c34f45e986e17c4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb\n    Size/MD5 checksum:   975850 778916e8b0df8e216121cd5185d7ca43\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb\n    Size/MD5 checksum:  2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb\n    Size/MD5 checksum:   638414 9ea111d66ac5f394d35fb69defa5dd27\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb\n    Size/MD5 checksum:  1627632 9f08e1da5cf9279cee4700e89dc6ee6d\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb\n    Size/MD5 checksum:  1043320 9ada82a7417c0d714a38c3a7184c2401\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb\n    Size/MD5 checksum:   536038 a9c90bb3ad326fa43c1285c1768df046\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb\n    Size/MD5 checksum:  2087048 bded4e624fcf0791ae0885aa18d99123\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb\n    Size/MD5 checksum:  1028894 20784774078f02ef7e9db2ddbd7d5548\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb\n    Size/MD5 checksum:  1490666 700c80efddb108b3e2a65373cc10dcc8\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb\n    Size/MD5 checksum:   844426 4cad5651a6d37ab19fb80b05a423598d\n\narmel architecture (ARM EABI)\n\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb\n    Size/MD5 checksum:  1029206 6c6c35731ecacfc0280520097ee183d4\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb\n    Size/MD5 checksum:   540780 3b9ab48015bbd4dfc1ab205b42f1113d\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb\n    Size/MD5 checksum:  2100958 fbf2c222a504e09e30f73cb0740a73a5\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb\n    Size/MD5 checksum:  1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb\n    Size/MD5 checksum:   850286 3e656a0805eb31600f8e3e520a2a6e36\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb\n    Size/MD5 checksum:  2268562 8cb4805915dfde8326fde4281c9aaa76\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb\n    Size/MD5 checksum:   969104 805c95116706c82051a5d08efce729e5\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb\n    Size/MD5 checksum:  1047026 2e06d411c0a8764db3504638d3b59ef9\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb\n    Size/MD5 checksum:  1528456 de6a4129635ee4565696198ce3423674\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb\n    Size/MD5 checksum:   634504 bab8594389626190b71ee97bfb46fa71\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb\n    Size/MD5 checksum:  2108452 d75ba6c13fc77dd3eefddde480a05231\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb\n    Size/MD5 checksum:  5393290 14bf0f44b8c802e47834234be834d80b\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb\n    Size/MD5 checksum:  2977384 bf4c26767b006694843d036ebdca132a\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb\n    Size/MD5 checksum:   591782 bf5007e22e4bd31445458a5379086103\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb\n    Size/MD5 checksum:  1035868 64085f2b106009533bda0309f08548af\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb\n    Size/MD5 checksum:  2666530 42cdae406ce22e3e538f0d744f043a39\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb\n    Size/MD5 checksum:  1465582 33c84255a9515a9a528cbf3df9398ef5\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb\n    Size/MD5 checksum:   865352 9cbc10e393eb3d30d34ea384c6f1f9f5\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb\n    Size/MD5 checksum:  1105090 cc7485d310d4770c2b1e93c6d74dcc2b\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb\n    Size/MD5 checksum:  1280654 fde186a4983ac6cafcd3d5ec7e1d6f98\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb\n    Size/MD5 checksum:  1025868 8b7f565c4c0a15b15f20f2e074bb503a\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb\n    Size/MD5 checksum:   900162 391ac436c8d7ed7b55a8ea9e90c7d8be\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb\n    Size/MD5 checksum:  2307960 227ac5c7b409d061222b94bc40e8cd18\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb\n    Size/MD5 checksum:  1622826 8a4f73d6cd497076490404a2dade26ba\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb\n    Size/MD5 checksum:   585108 d8447df55a530959b6cd9d5d3039c0da\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb\n    Size/MD5 checksum:  1012186 4a154b5c4d864f7dcd0bf019dfb41c5d\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb\n    Size/MD5 checksum:  1588308 1222eb6b1870602335ef0722b7047b6a\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb\n    Size/MD5 checksum:   572370 a2535f616be099e9361a55637c3375d3\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb\n    Size/MD5 checksum:  2295070 7446121759684083870d5ae0d26969c0\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb\n    Size/MD5 checksum:   885668 3745e7c578002628f78f02bd5afeb84f\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb\n    Size/MD5 checksum:  1643808 43814c865d098046bc1dca1920820354\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb\n    Size/MD5 checksum:  1047060 5c45e5a5d02f856cb9dc29029d0b5557\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb\n    Size/MD5 checksum:   656166 309fdeebe15bbecbe8c55dbd5ddbdd3a\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb\n    Size/MD5 checksum:   997540 f4bf73493f3964b8a23bdd424694f079\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb\n    Size/MD5 checksum:  2251238 35f6f59b07e57eb538da19545a733d5f\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb\n    Size/MD5 checksum:   693040 26cab41169c6b8f64ce7936a2ea65a7b\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb\n    Size/MD5 checksum:  1051130 f67b4fd152e1175f81022ffd345d6c78\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb\n    Size/MD5 checksum:  2231782 c7796fff8c97bbf0c5ab69440cbd50f9\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb\n    Size/MD5 checksum:  1602496 a9595ac98fc11015dd4bb2634416197b\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb\n    Size/MD5 checksum:  1024562 ff293933ef4eb5e952659fe7caf82c8b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb\n    Size/MD5 checksum:  2290536 e5c655fbcc524fe7bb56945cc8b2f5d1\n  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb\n    Size/MD5 checksum:  3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b\n  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb\n    Size/MD5 checksum:  2146488 d0c17736c2b26a97491e34321ffff3f5\n  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb\n    Size/MD5 checksum:   580510 28ab74855c8a34bb002b44fd7ecb8997\n  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb\n    Size/MD5 checksum:  1043044 d78ffaf44d1177b05fa0cfb02d76128a\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n http://openssl.org/news/secadv_20101116.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n b32e4b6e6b901d72fe4aa24bd0f41f9b  2009.0/i586/libopenssl0.9.8-0.9.8h-3.8mdv2009.0.i586.rpm\n f55512826ad63a1c9c4b60fad54292ac  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdv2009.0.i586.rpm\n eb005af48a71b807ef387f4c54eedd6f  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.i586.rpm\n ed01c1d0ea3fdecc8ba3331541d18d9a  2009.0/i586/openssl-0.9.8h-3.8mdv2009.0.i586.rpm \n a5b43d482e633af8952e7e04f8d7b56e  2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 007dedca099e812b7b461e720ef5e6f1  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 293194a028c940a27d11549ef84ff182  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 6b1c8ced8640b51bf25761c127b3ed20  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 76bbe5d36d9887cbc753b267b6d3a608  2009.0/x86_64/openssl-0.9.8h-3.8mdv2009.0.x86_64.rpm \n a5b43d482e633af8952e7e04f8d7b56e  2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n b92acd82153b8987f0bcdb0e277c6f0e  2010.0/i586/libopenssl0.9.8-0.9.8k-5.3mdv2010.0.i586.rpm\n d780ab4e0e80a66b105f72e41a4d5b54  2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.3mdv2010.0.i586.rpm\n 8faae39210b0c366f619cdb71b1a7321  2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.i586.rpm\n 2247e3b7bff72998d841d650ba25960a  2010.0/i586/openssl-0.9.8k-5.3mdv2010.0.i586.rpm \n 2c2a297e1c568ef69502064578516f0f  2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 331d3064412c7b73baed5d54e7262f51  2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 2e90f43a521e108a8adbde35a058d7b9  2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 7d102f6bf8bb201654aa518e3b73a27f  2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 4b7ad813fd5fdd5785bd94eb3a951244  2010.0/x86_64/openssl-0.9.8k-5.3mdv2010.0.x86_64.rpm \n 2c2a297e1c568ef69502064578516f0f  2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 8310ac6aa860087de6992e618460f279  2010.1/i586/libopenssl1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm\n 7e7719b1b5c2f91a6eadfab9dd696b8f  2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.5mdv2010.1.i586.rpm\n 5b5aa8939c69c69c2ab49145aca37173  2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.i586.rpm\n 0e6bd59c1d6b2c459acc5c4d0851246a  2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm\n de46046e9b1e033cccd668b32b70972c  2010.1/i586/openssl-1.0.0a-1.5mdv2010.1.i586.rpm \n f6059c72297b6510fa4c816db6742a64  2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n c792f3d19c1f9ff50c801feccd600319  2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 7f3a6b125fc145e17c140218f3b48a92  2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm\n e5f35fbeadb2f765607325f960de621e  2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 27a8dee6459e0830be1e907f082d25a2  2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 4b7863a6c8b883f385613bb7a49af128  2010.1/x86_64/openssl-1.0.0a-1.5mdv2010.1.x86_64.rpm \n f6059c72297b6510fa4c816db6742a64  2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm\n\n Mandriva Enterprise Server 5:\n fef62b69a582a93e821a2d802fb4faee  mes5/i586/libopenssl0.9.8-0.9.8h-3.8mdvmes5.1.i586.rpm\n fe3c0cf3596d90cc3be37a944df1753b  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.i586.rpm\n d5a269adf63ee6d4ce21ea651e208180  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.i586.rpm\n e410f94c6d8c08270aa1edd5aeb7c177  mes5/i586/openssl-0.9.8h-3.8mdvmes5.1.i586.rpm \n aaa38cecee165e165beace7e0b02ecdf  mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n ebec7b3044ee3b3b0ab6c455741e5782  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n 0c201edd531dd53a541739bf6db7f276  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n 83a690e504f6470ffc4bce428ff09199  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n fcef579e52e20393ffd2bbae00b602a8  mes5/x86_64/openssl-0.9.8h-3.8mdvmes5.1.x86_64.rpm \n aaa38cecee165e165beace7e0b02ecdf  mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFM49pvmqjQ0CJFipgRAs5xAKDhGJdpzq9ZF6TvhezjZR8zmOQAngCggDa1\nvAfiUtuiMqw0BDS3V2tLk/I=\n=hDGj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nThe fix was developed by Dr Stephen Henson of the OpenSSL core team. \n\nThis vulnerability is tracked as CVE-2010-3864\n\nWho is affected?\n=================\n\nAll versions of OpenSSL supporting TLS extensions contain this vulnerability\nincluding OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases. \n\nPatch for OpenSSL 0.9.8 releases\n================================\n\nIndex: ssl/t1_lib.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v\nretrieving revision 1.13.2.27\ndiff -u -r1.13.2.27 t1_lib.c\n--- ssl/t1_lib.c\t12 Jun 2010 13:18:58 -0000\t1.13.2.27\n+++ ssl/t1_lib.c\t15 Nov 2010 15:20:14 -0000\n@@ -432,14 +432,23 @@\n \t\t\t\tswitch (servname_type)\n \t\t\t\t\t{\n \t\t\t\tcase TLSEXT_NAMETYPE_host_name:\n-\t\t\t\t\tif (s-\u003esession-\u003etlsext_hostname == NULL)\n+\t\t\t\t\tif (!s-\u003ehit)\n \t\t\t\t\t\t{\n-\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name || \n-\t\t\t\t\t\t\t((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL))\n+\t\t\t\t\t\tif(s-\u003esession-\u003etlsext_hostname)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = SSL_AD_DECODE_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name)\n \t\t\t\t\t\t\t{\n \t\t\t\t\t\t\t*al = TLS1_AD_UNRECOGNIZED_NAME;\n \t\t\t\t\t\t\treturn 0;\n \t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif ((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n \t\t\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_hostname, sdata, len);\n \t\t\t\t\t\ts-\u003esession-\u003etlsext_hostname[len]=\u0027\\0\u0027;\n \t\t\t\t\t\tif (strlen(s-\u003esession-\u003etlsext_hostname) != len) {\n@@ -452,7 +461,8 @@\n \n \t\t\t\t\t\t}\n \t\t\t\t\telse \n-\t\t\t\t\t\ts-\u003eservername_done = strlen(s-\u003esession-\u003etlsext_hostname) == len \n+\t\t\t\t\t\ts-\u003eservername_done = s-\u003esession-\u003etlsext_hostname\n+\t\t\t\t\t\t\t\u0026\u0026 strlen(s-\u003esession-\u003etlsext_hostname) == len \n \t\t\t\t\t\t\t\u0026\u0026 strncmp(s-\u003esession-\u003etlsext_hostname, (char *)sdata, len) == 0;\n \t\t\t\t\t\n \t\t\t\t\tbreak;\n\nPatch for OpenSSL 1.0.0 releases\n================================\n\nIndex: ssl/t1_lib.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v\nretrieving revision 1.64.2.14\ndiff -u -r1.64.2.14 t1_lib.c\n--- ssl/t1_lib.c\t15 Jun 2010 17:25:15 -0000\t1.64.2.14\n+++ ssl/t1_lib.c\t15 Nov 2010 15:26:19 -0000\n@@ -714,14 +714,23 @@\n \t\t\t\tswitch (servname_type)\n \t\t\t\t\t{\n \t\t\t\tcase TLSEXT_NAMETYPE_host_name:\n-\t\t\t\t\tif (s-\u003esession-\u003etlsext_hostname == NULL)\n+\t\t\t\t\tif (!s-\u003ehit)\n \t\t\t\t\t\t{\n-\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name || \n-\t\t\t\t\t\t\t((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL))\n+\t\t\t\t\t\tif(s-\u003esession-\u003etlsext_hostname)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = SSL_AD_DECODE_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name)\n \t\t\t\t\t\t\t{\n \t\t\t\t\t\t\t*al = TLS1_AD_UNRECOGNIZED_NAME;\n \t\t\t\t\t\t\treturn 0;\n \t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif ((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n \t\t\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_hostname, sdata, len);\n \t\t\t\t\t\ts-\u003esession-\u003etlsext_hostname[len]=\u0027\\0\u0027;\n \t\t\t\t\t\tif (strlen(s-\u003esession-\u003etlsext_hostname) != len) {\n@@ -734,7 +743,8 @@\n \n \t\t\t\t\t\t}\n \t\t\t\t\telse \n-\t\t\t\t\t\ts-\u003eservername_done = strlen(s-\u003esession-\u003etlsext_hostname) == len \n+\t\t\t\t\t\ts-\u003eservername_done = s-\u003esession-\u003etlsext_hostname\n+\t\t\t\t\t\t\t\u0026\u0026 strlen(s-\u003esession-\u003etlsext_hostname) == len \n \t\t\t\t\t\t\t\u0026\u0026 strncmp(s-\u003esession-\u003etlsext_hostname, (char *)sdata, len) == 0;\n \t\t\t\t\t\n \t\t\t\t\tbreak;\n@@ -765,15 +775,22 @@\n \t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n \t\t\t\treturn 0;\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = 0;\n-\t\t\tif (s-\u003esession-\u003etlsext_ecpointformatlist != NULL) OPENSSL_free(s-\u003esession-\u003etlsext_ecpointformatlist);\n-\t\t\tif ((s-\u003esession-\u003etlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)\n+\t\t\tif (!s-\u003ehit)\n \t\t\t\t{\n-\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n-\t\t\t\treturn 0;\n+\t\t\t\tif(s-\u003esession-\u003etlsext_ecpointformatlist)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = 0;\n+\t\t\t\tif ((s-\u003esession-\u003etlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = ecpointformatlist_length;\n+\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_ecpointformatlist, sdata, ecpointformatlist_length);\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = ecpointformatlist_length;\n-\t\t\tmemcpy(s-\u003esession-\u003etlsext_ecpointformatlist, sdata, ecpointformatlist_length);\n #if 0\n \t\t\tfprintf(stderr,\"ssl_parse_clienthello_tlsext s-\u003esession-\u003etlsext_ecpointformatlist (length=%i) \", s-\u003esession-\u003etlsext_ecpointformatlist_length);\n \t\t\tsdata = s-\u003esession-\u003etlsext_ecpointformatlist;\n@@ -794,15 +811,22 @@\n \t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n \t\t\t\treturn 0;\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = 0;\n-\t\t\tif (s-\u003esession-\u003etlsext_ellipticcurvelist != NULL) OPENSSL_free(s-\u003esession-\u003etlsext_ellipticcurvelist);\n-\t\t\tif ((s-\u003esession-\u003etlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)\n+\t\t\tif (!s-\u003ehit)\n \t\t\t\t{\n-\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n-\t\t\t\treturn 0;\n+\t\t\t\tif(s-\u003esession-\u003etlsext_ellipticcurvelist)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = 0;\n+\t\t\t\tif ((s-\u003esession-\u003etlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = ellipticcurvelist_length;\n+\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = ellipticcurvelist_length;\n-\t\t\tmemcpy(s-\u003esession-\u003etlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);\n #if 0\n \t\t\tfprintf(stderr,\"ssl_parse_clienthello_tlsext s-\u003esession-\u003etlsext_ellipticcurvelist (length=%i) \", s-\u003esession-\u003etlsext_ellipticcurvelist_length);\n \t\t\tsdata = s-\u003esession-\u003etlsext_ellipticcurvelist;\n\n\nReferences\n===========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20101116.txt\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-10:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2010-11-29\nCredits:        Georgi Guninski, Rob Hulswit\nAffects:        FreeBSD 7.0 and later\nCorrected:      2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE)\n                2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2)\n                2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6)\n                2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE)\n                2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4)\n                2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16)\nCVE Name:       CVE-2010-2939, CVE-2010-3864\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  The race condition can lead to\na buffer overflow. [CVE-2010-3864]\n\nA double free exists in the SSL client ECDH handling code, when\nprocessing specially crafted public keys with invalid prime\nnumbers. [CVE-2010-2939]\n\nIII. [CVE-2010-3864]. \n\nIt may be possible to cause a DoS or potentially execute arbitrary in\nthe context of the user connection to a malicious SSL server. \n[CVE-2010-2939]\n\nIV.  Workaround\n\nNo workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0\nand later.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the\nRELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch\ndated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to FreeBSD 7.1, 7.3,\n8.0 and 8.1 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc\n\n[FreeBSD 8.x]\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nlib32 (i386 compatibility) libraries.  On amd64 systems where the i386\ncompatibility libraries are used, the operating system should instead\nbe recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\n3) To update your vulnerable system via a binary patch:\n\nSystems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE\non the i386 or amd64 platforms can be updated via the\nfreebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_7_3\n  src/UPDATING                                             1.507.2.34.2.6\n  src/sys/conf/newvers.sh                                   1.72.2.16.2.8\n  src/crypto/openssl/ssl/s3_clnt.c                       1.1.1.14.2.1.4.1\nRELENG_7_1\n  src/UPDATING                                            1.507.2.13.2.19\n  src/sys/conf/newvers.sh                                   1.72.2.9.2.20\n  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.6.2\nRELENG_8_1\n  src/UPDATING                                             1.632.2.14.2.5\n  src/sys/conf/newvers.sh                                   1.83.2.10.2.6\n  src/crypto/openssl/ssl/s3_clnt.c                            1.3.2.1.2.1\n  src/crypto/openssl/ssl/t1_lib.c                             1.2.2.1.2.1\nRELENG_8_0\n  src/UPDATING                                              1.632.2.7.2.9\n  src/sys/conf/newvers.sh                                    1.83.2.6.2.9\n  src/crypto/openssl/ssl/s3_clnt.c                                1.3.4.1\n  src/crypto/openssl/ssl/t1_lib.c                                 1.2.4.1\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/7/                                                         r215997\nreleng/7.3/                                                       r216063\nreleng/7.1/                                                       r216063\nstable/8/                                                         r215912\nreleng/8.0/                                                       r216063\nreleng/8.1/                                                       r216063\n- -------------------------------------------------------------------------\n\nVII",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "BID",
        "id": "44884"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "96068"
      },
      {
        "db": "PACKETSTORM",
        "id": "95943"
      },
      {
        "db": "PACKETSTORM",
        "id": "95934"
      },
      {
        "db": "PACKETSTORM",
        "id": "96248"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3864",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "42243",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1024743",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "42309",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43312",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44269",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42336",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42413",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42241",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42397",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42352",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "44884",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3077",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3097",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3121",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3041",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3001",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91284469",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "2010/3097",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2010/3121",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2010/3041",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2010/3077",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98419",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101256",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96068",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95943",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95934",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96248",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "BID",
        "id": "44884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "96068"
      },
      {
        "db": "PACKETSTORM",
        "id": "95943"
      },
      {
        "db": "PACKETSTORM",
        "id": "95934"
      },
      {
        "db": "PACKETSTORM",
        "id": "96248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "id": "VAR-201011-0251",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.11111111
  },
  "last_update_date": "2022-06-28T21:16:16.795000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB11-11",
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
      },
      {
        "title": "APSB11-11",
        "trust": 0.8,
        "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-11.html"
      },
      {
        "title": "HT4723",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "title": "HPSBUX02638",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02737002"
      },
      {
        "title": "secadv_20101116",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv_20101116.txt"
      },
      {
        "title": "RHSA-2010:0888",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2010-0888.html"
      },
      {
        "title": "VMSA-2011-0003",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1018-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2125-1 openssl -- buffer overflow",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=23cb8e933fce5e73fcc12f7bd731374b"
      },
      {
        "title": "Symantec Security Advisories: SA68 : Multiple SSL/TLS vulnerabilities in Reporter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=79f3486c7600ac3aeeb5401f9ee75fd3"
      },
      {
        "title": "Splunk Security Announcements: Splunk 4.1.6 updates OpenSSL to 0.9.8p address CVE-2010-3864 - December 1st, 2010",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=a480dd0eb83fa64bb2d868edfd9943df"
      },
      {
        "title": "VMware Security Advisories: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/42243"
      },
      {
        "trust": 1.9,
        "url": "http://securitytracker.com/id?1024743"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2010-0888.html"
      },
      {
        "trust": 1.4,
        "url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition"
      },
      {
        "trust": 1.4,
        "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.2,
        "url": "http://openssl.org/news/secadv_20101116.txt"
      },
      {
        "trust": 1.2,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304"
      },
      {
        "trust": 1.2,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-10:10.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051255.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42336"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42352"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42397"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051237.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051170.html"
      },
      {
        "trust": 1.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42309"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2010/dsa-2125"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3121"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3041"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42413"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42241"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3097"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3077"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43312"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44269"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu976710"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91284469/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3864"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/44884"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/3001"
      },
      {
        "trust": 0.5,
        "url": "http://www.openssl.org/news/secadv_20101116.txt"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864"
      },
      {
        "trust": 0.3,
        "url": "https://my.stonesoft.com/support/attachment.do?docid=6410\u0026file=ssl-vpn_1.4.5-rlnt.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03179825"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa68"
      },
      {
        "trust": 0.3,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-012.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/516801"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100131810"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1018-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027919"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1031330"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027904"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1029353"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-10:10/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-10:10/openssl7.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-10:10/openssl7.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-10:10/openssl.patch.asc"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "BID",
        "id": "44884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "96068"
      },
      {
        "db": "PACKETSTORM",
        "id": "95943"
      },
      {
        "db": "PACKETSTORM",
        "id": "95934"
      },
      {
        "db": "PACKETSTORM",
        "id": "96248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "db": "BID",
        "id": "44884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "96068"
      },
      {
        "db": "PACKETSTORM",
        "id": "95943"
      },
      {
        "db": "PACKETSTORM",
        "id": "95934"
      },
      {
        "db": "PACKETSTORM",
        "id": "96248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2010-11-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "date": "2010-11-16T00:00:00",
        "db": "BID",
        "id": "44884"
      },
      {
        "date": "2010-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "date": "2011-02-11T13:13:00",
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "date": "2011-05-10T00:44:30",
        "db": "PACKETSTORM",
        "id": "101256"
      },
      {
        "date": "2011-10-09T16:42:00",
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "date": "2010-11-23T19:08:44",
        "db": "PACKETSTORM",
        "id": "96068"
      },
      {
        "date": "2010-11-18T01:04:10",
        "db": "PACKETSTORM",
        "id": "95943"
      },
      {
        "date": "2010-11-18T00:30:27",
        "db": "PACKETSTORM",
        "id": "95934"
      },
      {
        "date": "2010-12-01T04:32:28",
        "db": "PACKETSTORM",
        "id": "96248"
      },
      {
        "date": "2010-11-17T16:00:00",
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-3864"
      },
      {
        "date": "2015-04-13T20:36:00",
        "db": "BID",
        "id": "44884"
      },
      {
        "date": "2012-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002486"
      },
      {
        "date": "2018-10-10T20:05:00",
        "db": "NVD",
        "id": "CVE-2010-3864"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "44884"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "44884"
      }
    ],
    "trust": 0.3
  }
}

var-200901-0714
Vulnerability from variot

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. An attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible. Releases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-09:02.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL incorrectly checks for malformed signatures

Category: contrib Module: openssl Announced: 2009-01-07 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-5077

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. This is only a problem for DSA and ECDSA keys.

III. Impact

For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack.

Other applications which use the OpenSSL EVP API may similarly be affected.

IV. Workaround

For a server an RSA signed certificate may be used instead of DSA or ECDSA based certificate.

Note that Mozilla Firefox does not use OpenSSL and thus is not affected. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 7.x]

fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc

[FreeBSD 6.x]

fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch

fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/secure/lib/libssl

make obj && make depend && make && make install

cd /usr/src/secure/usr.bin/openssl

make obj && make depend && make && make install

NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

CVS:

Branch Revision Path

RELENG_6 src/crypto/openssl/apps/speed.c 1.13.2.1 src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/crypto/openssl/apps/speed.c 1.13.12.1 src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/crypto/openssl/apps/speed.c 1.13.10.1 src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 RELENG_7 src/crypto/openssl/apps/speed.c 1.15.2.1 src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/crypto/openssl/apps/speed.c 1.15.6.1 src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/crypto/openssl/apps/speed.c 1.15.4.1 src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1

Subversion:

Branch/path Revision

stable/6/ r186873 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872

VII.

Release Date: 2009-05-14 Last Updated: 2009-05-14

Potential Security Impact: Remote cross site scripting (XSS), unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.

References: CVE-2008-5077, CVE-2008-5814

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2008-5077 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5814 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

RESOLUTION

HP has provided System Management Homepage (SMH) v3.0.1.73 or subsequent to resolve these vulnerabilities. SMH vv3.0.1.73 is available from the following web sites:

HP System Management Homepage for Linux (x86) v3.0.1.73) can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-b35b8e125d17427fa8a74e9ef6

HP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-d7bcce2dc82d43daaec308eb40

HP System Management Homepage for Windows v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-8300d57bb5424791b0e61652e8

PRODUCT SPECIFIC INFORMATION None

HISTORY Version:1 (rev.1) - 14 May 2009 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953

  1. Summary

ESX patches for OpenSSL, vim and bind resolve several security issues.

  1. Relevant releases

VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG

VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406

Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.

  1. Problem Description

a. Updated OpenSSL package for the Service Console fixes a security issue. 

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-5077 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           3.5       ESXi     not affected

ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      ESX303-200903406-SG
ESX            3.0.2     ESX      ESX-1008409
ESX            2.5.5     ESX      affected, patch pending
  • hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Update bind package for the Service Console fixes a security issue. 

A flaw was discovered in the way Berkeley Internet Name Domain
(BIND) checked the return value of the OpenSSL DSA_do_verify
function.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0025 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           3.5       ESXi     not affected

ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      ESX303-200903405-SG
ESX            3.0.2     ESX      ESX-1008408
ESX            2.5.5     ESX      affected, patch pending
  • hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. Updated vim package for the Service Console addresses several security issues. 

Several input flaws were found in Visual editor IMproved's (Vim)
keyword and tag handling. If Vim looked up a document's maliciously
crafted tag or keyword, it was possible to execute arbitrary code as
the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4101 to this issue.

A heap-based overflow flaw was discovered in Vim's expansion of file
name patterns with shell wildcards. An attacker could create a
specially crafted file or directory name, when opened by Vim causes
the application to stop responding or execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3432 to this issue.

Several input flaws were found in various Vim system functions. If a
user opened a specially crafted file, it was possible to execute
arbitrary code as the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2712 to this issue.

A format string flaw was discovered in Vim's help tag processor. If
a user was tricked into executing the "helptags" command on
malicious data, arbitrary code could be executed with the
permissions of the user running VIM.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2953 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           3.5       ESXi     not affected

ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      ESX303-200903403-SG
ESX            3.0.2     ESX      ESX-1008406
ESX            2.5.5     ESX      affected, patch pending

  • hosted products are VMware Workstation, Player, ACE, Server, Fusion.

  • Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX

ESX 3.0.2 ESX-1008409 (openssl) http://download3.vmware.com/software/vi/ESX-1008409.tgz md5sum: cb25fd47bc0713b968d8778c033bc846 http://kb.vmware.com/kb/1008409

ESX 3.0.2 ESX-1008408 (bind) http://download3.vmware.com/software/vi/ESX-1008408.tgz md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a http://kb.vmware.com/kb/1008408

ESX 3.0.2 ESX-1008406 (vim) http://download3.vmware.com/software/vi/ESX-1008406.tgz md5sum: f069daa58190b39e431cedbd26ce25ef http://kb.vmware.com/kb/1008406

ESX 3.0.3 ESX303-200903406-SG (openssl) http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip md5sum: 45a2d32f9267deb5e743366c38652c92 http://kb.vmware.com/kb/1008416

ESX 3.0.3 ESX303-200903405-SG (bind) http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip md5sum: 34d00fd9cca7f3e08c0857b4cc254710 http://kb.vmware.com/kb/1008415

ESX 3.0.3 ESX303-200903403-SG (vim) http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip md5sum: 9790c9512aef18beaf0d1c7d405bed1a http://kb.vmware.com/kb/1008413

  1. References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953

  1. Change log

2009-03-31 VMSA-2009-0004 Initial security advisory after release of patches for ESX 3.0.2 and 3.0.3 on 2009-03-31.

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q LA8+0sLvaS37smj8BQPdm0g= =ZVXY -----END PGP SIGNATURE----- .

This bug allows a malformed signature to be treated as a good signature rather than as an error.

A patch fixing the issue with proper return code checking and further important recommendations are described in the original OpenSSL Team advisory.

At the request of the OpenSSL team, oCERT has aided in the remediation coordination for other projects with similar API misuse vulnerabilities. In addition to EVP_VerifyFinal, the return codes from DSA_verify and DSA_do_verify functions were being incorrectly validated, and packages doing so are affected in a similar fashion as OpenSSL.

NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)

Sun GridEngine <= 5.3

Gale <= 0.99

OpenEvidence <= 1.0.6

Belgian eID middleware - eidlib <= 2.6.0 [2]

Freedom Network Server <= 2.x

The following packages were identified as affected by a vulnerability similar to the OpenSSL one, as they use OpenSSL DSA_verify function and incorrectly check the return code.

BIND <= 9.4.3

Lasso <= 2.2.1

ZXID <= 0.29

1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose certificate uses an RSA key is NOT affected. Verification of client certificates by OpenSSL servers for any key type is NOT affected.

2 - Belgian eID middleware latest versions are not available in source form, therefore we cannot confirm if they are affected

Fixed version:

OpenSSL >= 0.9.8j

NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development)

Sun GridEngine >= 6.0

Gale N/A

OpenEvidence N/A

Belgian eID middleware - eidlib N/A

Freedom Network Server N/A

BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1

Lasso >= 2.2.2

ZXID N/A

Credit: Google Security Team (for the original OpenSSL issue).

CVE: CVE-2008-5077 (OpenSSL), CVE-2009-0021 (NTP), CVE-2009-0025 (BIND)

Timeline: 2008-12-16: OpenSSL Security Team requests coordination aid from oCERT 2008-12-16: oCERT investigates packages affected by similar issues 2008-12-16: contacted affected vendors 2008-12-17: investigation expanded to DSA verification 2008-12-17: BIND, Lasso and ZXID added to affected packages 2008-12-18: contacted additional affected vendors 2009-01-05: status updates and patch dissemination to affected vendors 2009-01-05: confirmation from BIND of issue and fix 2009-01-06: requested CVE assignment for BIND 2009-01-07: advisory published

References: http://openssl.org/news/secadv_20090107.txt

Links: http://openssl.org/ http://www.ntp.org/ http://gridengine.sunsource.net/ http://gale.org/ http://www.openevidence.org/ http://eid.belgium.be/ http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/ https://www.isc.org/products/BIND http://lasso.entrouvert.org/ http://www.zxid.org/

Permalink: http://www.ocert.org/advisories/ocert-2008-016.html

-- Will Drewry redpig@ocert.org oCERT Team :: http://ocert.org .

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

Updated Packages:

Mandriva Linux 2008.0: 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.1: 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64: 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm

Mandriva Linux 2009.0: 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm

Corporate 3.0: 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

Corporate 3.0/X86_64: 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

Corporate 4.0: 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm

Corporate 4.0/X86_64: de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP ZE8i9Ju80WcdhXe9yIoPevE= =9n1t -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0714",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "no",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.5"
      },
      {
        "model": "bigip application security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "email and web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.6"
      },
      {
        "model": "networks enterprise voip tm-cs1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "pfsense 1.2-rc4",
        "scope": null,
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": null
      },
      {
        "model": "networks switched firewall series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5700"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "linux enterprise sp2 debuginfo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind b4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1.3"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4.3"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2210"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "sparc enterprise m3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2.3"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.6"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1.1"
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "sparc enterprise m9000",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "bind 9.5.0a7",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "communication manager server definity server si/cs",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.3"
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "message networking mn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "wizpy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3.1"
      },
      {
        "model": "bind 9.5.0a6",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks ssl vpn module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "10000"
      },
      {
        "model": "client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2008"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "circle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind 9.5.0-p2-w1",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.7.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.3"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.4"
      },
      {
        "model": "bind 9.4.2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "circle",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1.34"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "networks switched firewall series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5400"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "1.2.2"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "1.2.1"
      },
      {
        "model": "networks switched firewall series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6600"
      },
      {
        "model": "bind 9.4.2-p2-w2",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6.4"
      },
      {
        "model": "email and web security appliance patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.65"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bigip sam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "8.0"
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "sparc t3-1b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "sparc enterprise m5000",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.7.1"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "communication manager server s8300",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "radio relay league tqsllib",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "american",
        "version": "2.0"
      },
      {
        "model": "bind 9.5.0a3",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "sparc t3-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "netra sparc t3-1b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind 9.5.0b2",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "communication manager server s8700",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "gale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gale",
        "version": "0.99"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.3"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.5"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "bind 9.4.3-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.0.2"
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.4"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication manager server s8500",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "bind 9.5.1b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.8"
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "networks switched firewall series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5300"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "bind 9.5.0-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "bind 9.6.0-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20080"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "networks self-service peri application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "0"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "3.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "communication manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "communication manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.8"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.6.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.5.2"
      },
      {
        "model": "bind 9.5.0b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "bind p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.6"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4.5"
      },
      {
        "model": "bind 9.5.0a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux enterprise desktop sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "meeting exchange enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "eid middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "belgium",
        "version": "2.6"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.1"
      },
      {
        "model": "sparc enterprise m8000",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "networks vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "30500"
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3"
      },
      {
        "model": "sparc t3-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "3.0.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2510"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind 9.4.2-p2-w1",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.4"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.5"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4.1"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "10000"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.8"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "networks vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "30700"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.4.1"
      },
      {
        "model": "linux enterprise teradata sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "pfsense 1.2-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "communication manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1.4"
      },
      {
        "model": "p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.6.1"
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "communication manager server s8100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip wan optimization module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "netra sparc t3-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "p153",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "opensolaris build snv 107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "wanjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2.16"
      },
      {
        "model": "sparc t3-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1"
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "p150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "pfsense 1.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "big-ip wan optimization module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "bind p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.5.1"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.5"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind 9.5.0a4",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.6"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.2"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "1.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1.2"
      },
      {
        "model": "communication manager server definity server r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "pfsense 1.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "sparc enterprise m4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "bind 9.5.0-p2-w2",
        "scope": null,
        "trust": 0.3,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.3"
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "bind -p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "communication manager server definity server r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.3.1"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "enterprise manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "9.4"
      },
      {
        "model": "communication manager server definity server r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks switched firewall series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6400"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8h",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google Security Team",
    "sources": [
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-5077",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-5077",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200901-055",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5\u0027s FirePass server is a powerful network device that can provide users with secure access to the company\u0027s network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. \nAn attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites.  Other attacks are also possible. \nReleases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-09:02.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL incorrectly checks for malformed signatures\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2009-01-07\nCredits:        Google Security Team\nAffects:        All FreeBSD releases\nCorrected:      2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE)\n                2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)\n                2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)\n                2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)\n                2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)\n                2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)\nCVE Name:       CVE-2008-5077\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nThe EVP_VerifyFinal() function from OpenSSL is used to determine if a\ndigital signature is valid.  This\nis only a problem for DSA and ECDSA keys. \n\nIII. Impact\n\nFor applications using OpenSSL for SSL connections, an invalid SSL\ncertificate may be interpreted as valid.  This could for example be\nused by an attacker to perform a man-in-the-middle attack. \n\nOther applications which use the OpenSSL EVP API may similarly be\naffected. \n\nIV.  Workaround\n\nFor a server an RSA signed certificate may be used instead of DSA or\nECDSA based certificate. \n\nNote that Mozilla Firefox does not use OpenSSL and thus is not\naffected.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the\nRELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch\ndated after the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 6.3, 6.4,\n7.0, and 7.1 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc\n\n[FreeBSD 6.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n# cd /usr/src/secure/usr.bin/openssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nlib32 (i386 compatibility) libraries.  On amd64 systems where the i386\ncompatibility libraries are used, the operating system should instead\nbe recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_6\n  src/crypto/openssl/apps/speed.c                                1.13.2.1\n  src/crypto/openssl/apps/verify.c                           1.1.1.5.12.1\n  src/crypto/openssl/apps/x509.c                             1.1.1.10.2.1\n  src/crypto/openssl/apps/spkac.c                            1.1.1.4.12.1\n  src/crypto/openssl/ssl/s2_srvr.c                               1.12.2.1\n  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.12.2.1\n  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.2.2\n  src/crypto/openssl/ssl/s2_clnt.c                               1.13.2.2\nRELENG_6_4\n  src/UPDATING                                             1.416.2.40.2.5\n  src/sys/conf/newvers.sh                                   1.69.2.18.2.8\n  src/crypto/openssl/apps/speed.c                               1.13.12.1\n  src/crypto/openssl/apps/verify.c                           1.1.1.5.24.1\n  src/crypto/openssl/apps/x509.c                            1.1.1.10.12.1\n  src/crypto/openssl/apps/spkac.c                            1.1.1.4.24.1\n  src/crypto/openssl/ssl/s2_srvr.c                              1.12.12.1\n  src/crypto/openssl/ssl/s3_clnt.c                          1.1.1.12.12.1\n  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.6.1\n  src/crypto/openssl/ssl/s2_clnt.c                           1.13.2.1.6.1\nRELENG_6_3\n  src/UPDATING                                            1.416.2.37.2.13\n  src/sys/conf/newvers.sh                                  1.69.2.15.2.12\n  src/crypto/openssl/apps/speed.c                               1.13.10.1\n  src/crypto/openssl/apps/verify.c                           1.1.1.5.22.1\n  src/crypto/openssl/apps/x509.c                            1.1.1.10.10.1\n  src/crypto/openssl/apps/spkac.c                            1.1.1.4.22.1\n  src/crypto/openssl/ssl/s2_srvr.c                              1.12.10.1\n  src/crypto/openssl/ssl/s3_clnt.c                          1.1.1.12.10.1\n  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.4.1\n  src/crypto/openssl/ssl/s2_clnt.c                           1.13.2.1.4.1\nRELENG_7\n  src/crypto/openssl/apps/speed.c                                1.15.2.1\n  src/crypto/openssl/apps/verify.c                            1.1.1.6.2.1\n  src/crypto/openssl/apps/x509.c                             1.1.1.11.2.1\n  src/crypto/openssl/apps/spkac.c                             1.1.1.5.2.1\n  src/crypto/openssl/ssl/s2_srvr.c                               1.13.2.1\n  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.2.1\n  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.1\n  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.2.1\n  src/crypto/openssl/ssl/s2_clnt.c                               1.15.2.1\nRELENG_7_1\n  src/UPDATING                                             1.507.2.13.2.4\n  src/sys/conf/newvers.sh                                    1.72.2.9.2.5\n  src/crypto/openssl/apps/speed.c                                1.15.6.1\n  src/crypto/openssl/apps/verify.c                            1.1.1.6.6.1\n  src/crypto/openssl/apps/x509.c                             1.1.1.11.6.1\n  src/crypto/openssl/apps/spkac.c                             1.1.1.5.6.1\n  src/crypto/openssl/ssl/s2_srvr.c                               1.13.6.1\n  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.6.1\n  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.6.1\n  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.6.1\n  src/crypto/openssl/ssl/s2_clnt.c                               1.15.6.1\nRELENG_7_0\n  src/UPDATING                                             1.507.2.3.2.12\n  src/sys/conf/newvers.sh                                   1.72.2.5.2.12\n  src/crypto/openssl/apps/speed.c                                1.15.4.1\n  src/crypto/openssl/apps/verify.c                            1.1.1.6.4.1\n  src/crypto/openssl/apps/x509.c                             1.1.1.11.4.1\n  src/crypto/openssl/apps/spkac.c                             1.1.1.5.4.1\n  src/crypto/openssl/ssl/s2_srvr.c                               1.13.4.1\n  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.4.1\n  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.4.1\n  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.4.1\n  src/crypto/openssl/ssl/s2_clnt.c                               1.15.4.1\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/6/                                                         r186873\nreleng/6.4/                                                       r186872\nreleng/6.3/                                                       r186872\nstable/7/                                                         r186872\nreleng/7.1/                                                       r186872\nreleng/7.0/                                                       r186872\n- -------------------------------------------------------------------------\n\nVII. \n\nRelease Date: 2009-05-14\nLast Updated: 2009-05-14\n\nPotential Security Impact: Remote cross site scripting (XSS), unauthorized access \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. \n\nReferences: CVE-2008-5077, CVE-2008-5814\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference                         Base Vector               Base Score \nCVE-2008-5077     (AV:N/AC:L/Au:N/C:P/I:N/A:N)      5.0\nCVE-2008-5814     (AV:N/AC:H/Au:N/C:N/I:P/A:N)      2.6\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided System Management Homepage (SMH) v3.0.1.73 or subsequent to resolve these vulnerabilities. \nSMH vv3.0.1.73 is available from the following web sites:\n\nHP System Management Homepage for Linux (x86) v3.0.1.73) can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-b35b8e125d17427fa8a74e9ef6 \n \nHP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73 can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-d7bcce2dc82d43daaec308eb40 \n \nHP System Management Homepage for Windows v3.0.1.73 can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-8300d57bb5424791b0e61652e8 \n \n\nPRODUCT SPECIFIC INFORMATION \nNone \n\nHISTORY \nVersion:1 (rev.1) - 14 May 2009 Initial Release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2009-0004\nSynopsis:          ESX Service Console updates for openssl, bind, and\n                   vim\nIssue date:        2009-03-31\nUpdated on:        2009-03-31 (initial release of advisory)\nCVE numbers:       CVE-2008-5077 CVE-2009-0025 CVE-2008-4101\n                   CVE-2008-3432 CVE-2008-2712 CVE-2007-2953\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   ESX patches for OpenSSL, vim and bind resolve several security\n   issues. \n\n2. Relevant releases\n\n   VMware ESX 3.0.3 without patches ESX303-200903406-SG,\n                                    ESX303-200903405-SG,\n                                    ESX303-200903403-SG\n\n   VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408,\n                                    ESX-1008406\n\n   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. \n   Users should plan to upgrade to ESX 3.0.3 and preferably to\n   the newest release available. \n\n3. Problem Description\n\n a. Updated OpenSSL package for the Service Console fixes a\n    security issue. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2008-5077 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           3.5       ESXi     not affected\n\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      ESX303-200903406-SG\n    ESX            3.0.2     ESX      ESX-1008409\n    ESX            2.5.5     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n b. Update bind package for the Service Console fixes a security issue. \n\n    A flaw was discovered in the way Berkeley Internet Name Domain\n    (BIND) checked the return value of the OpenSSL DSA_do_verify\n    function. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-0025 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           3.5       ESXi     not affected\n\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      ESX303-200903405-SG\n    ESX            3.0.2     ESX      ESX-1008408\n    ESX            2.5.5     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n c. Updated vim package for the Service Console addresses several\n    security issues. \n\n    Several input flaws were found in Visual editor IMproved\u0027s (Vim)\n    keyword and tag handling. If Vim looked up a document\u0027s maliciously\n    crafted tag or keyword, it was possible to execute arbitrary code as\n    the user running Vim. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2008-4101 to this issue. \n\n    A heap-based overflow flaw was discovered in Vim\u0027s expansion of file\n    name patterns with shell wildcards. An attacker could create a\n    specially crafted file or directory name, when opened by Vim causes\n    the application to stop responding or execute arbitrary code. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2008-3432 to this issue. \n\n    Several input flaws were found in various Vim system functions. If a\n    user opened a specially crafted file, it was possible to execute\n    arbitrary code as the user running Vim. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2008-2712 to this issue. \n\n    A format string flaw was discovered in Vim\u0027s help tag processor. If\n    a user was tricked into executing the \"helptags\" command on\n    malicious data, arbitrary code could be executed with the\n    permissions of the user running VIM. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2007-2953 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           3.5       ESXi     not affected\n\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      ESX303-200903403-SG\n    ESX            3.0.2     ESX      ESX-1008406\n    ESX            2.5.5     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the md5sum of your downloaded file. \n\n   ESX\n   ---\n   ESX 3.0.2 ESX-1008409 (openssl)\n   http://download3.vmware.com/software/vi/ESX-1008409.tgz\n   md5sum: cb25fd47bc0713b968d8778c033bc846\n   http://kb.vmware.com/kb/1008409\n\n   ESX 3.0.2 ESX-1008408 (bind)\n   http://download3.vmware.com/software/vi/ESX-1008408.tgz\n   md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a\n   http://kb.vmware.com/kb/1008408\n\n   ESX 3.0.2 ESX-1008406 (vim)\n   http://download3.vmware.com/software/vi/ESX-1008406.tgz\n   md5sum: f069daa58190b39e431cedbd26ce25ef\n   http://kb.vmware.com/kb/1008406\n\n   ESX 3.0.3 ESX303-200903406-SG (openssl)\n   http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip\n   md5sum: 45a2d32f9267deb5e743366c38652c92\n   http://kb.vmware.com/kb/1008416\n\n   ESX 3.0.3 ESX303-200903405-SG (bind)\n   http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip\n   md5sum: 34d00fd9cca7f3e08c0857b4cc254710\n   http://kb.vmware.com/kb/1008415\n\n   ESX 3.0.3 ESX303-200903403-SG (vim)\n   http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip\n   md5sum: 9790c9512aef18beaf0d1c7d405bed1a\n   http://kb.vmware.com/kb/1008413\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-03-31  VMSA-2009-0004\nInitial security advisory after release of patches for ESX 3.0.2 and\n3.0.3 on 2009-03-31. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q\nLA8+0sLvaS37smj8BQPdm0g=\n=ZVXY\n-----END PGP SIGNATURE-----\n. \n\nThis bug allows a malformed signature to be treated as a good signature\nrather than as an error. \n\nA patch fixing the issue with proper return code checking and further\nimportant recommendations are described in the original OpenSSL Team\nadvisory. \n\nAt the request of the OpenSSL team, oCERT has aided in the remediation\ncoordination for other projects with similar API misuse vulnerabilities. \nIn addition to EVP_VerifyFinal, the return codes from DSA_verify and\nDSA_do_verify functions were being incorrectly validated, and packages\ndoing so are affected in a similar fashion as OpenSSL. \n\nNTP \u003c= 4.2.4p5 (production), \u003c= 4.2.5p150 (development)\n\nSun GridEngine \u003c= 5.3\n\nGale \u003c= 0.99\n\nOpenEvidence \u003c= 1.0.6\n\nBelgian eID middleware - eidlib \u003c= 2.6.0 [2]\n\nFreedom Network Server \u003c= 2.x\n\nThe following packages were identified as affected by a vulnerability\nsimilar to the OpenSSL one, as they use OpenSSL DSA_verify function and\nincorrectly check the return code. \n\nBIND \u003c= 9.4.3\n\nLasso \u003c= 2.2.1\n\nZXID \u003c= 0.29\n\n1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose\ncertificate uses an RSA key is NOT affected. Verification of client\ncertificates by OpenSSL servers for any key type is NOT affected. \n\n2 - Belgian eID middleware latest versions are not available in source\nform, therefore we cannot confirm if they are affected\n\n\nFixed version:\n\nOpenSSL \u003e= 0.9.8j\n\nNTP \u003e= 4.2.4p6 (production), \u003e= 4.2.5p153 (development)\n\nSun GridEngine \u003e= 6.0\n\nGale N/A\n\nOpenEvidence N/A\n\nBelgian eID middleware - eidlib N/A\n\nFreedom Network Server N/A\n\nBIND \u003e= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1\n\nLasso \u003e= 2.2.2\n\nZXID N/A\n\n\nCredit: Google Security Team (for the original OpenSSL issue). \n\n\nCVE: CVE-2008-5077 (OpenSSL),\n        CVE-2009-0021 (NTP),\n        CVE-2009-0025 (BIND)\n\n\nTimeline:\n2008-12-16: OpenSSL Security Team requests coordination aid from oCERT\n2008-12-16: oCERT investigates packages affected by similar issues\n2008-12-16: contacted affected vendors\n2008-12-17: investigation expanded to DSA verification\n2008-12-17: BIND, Lasso and ZXID added to affected packages\n2008-12-18: contacted additional affected vendors\n2009-01-05: status updates and patch dissemination to affected vendors\n2009-01-05: confirmation from BIND of issue and fix\n2009-01-06: requested CVE assignment for BIND\n2009-01-07: advisory published\n\n\nReferences:\nhttp://openssl.org/news/secadv_20090107.txt\n\n\nLinks:\nhttp://openssl.org/\nhttp://www.ntp.org/\nhttp://gridengine.sunsource.net/\nhttp://gale.org/\nhttp://www.openevidence.org/\nhttp://eid.belgium.be/\nhttp://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/\nhttps://www.isc.org/products/BIND\nhttp://lasso.entrouvert.org/\nhttp://www.zxid.org/\n\n\nPermalink:\nhttp://www.ocert.org/advisories/ocert-2008-016.html\n\n\n--\nWill Drewry \u003credpig@ocert.org\u003e\noCERT Team :: http://ocert.org\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 6585e08eab279e6a249630385683bf43  2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm\n b5955c2c0a2cc24abd9f5f3ebc7d0148  2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 7c92323d7aa583b936ef908f3f6ac867  2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 2b791168311c3ecba4f8b7acd24e64ab  2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5  2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 6259ac00622227eee59f888bc516bc3a  2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm\n fe745327c1bbb599e025a5b90bb05817  2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n bdb7113b06aab0c4d77cbf86bcf208c2  2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n d4fda198a80b88c7caaf947af0866df8  2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5  2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 4a0be98cd3fb82a22e3836c5ae81ed37  2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm\n 277058ecc1d26d24bf4da5ea27d4a31f  2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n 29b08a5a233f1987c4ca98aaa4e97ac5  2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n e47be879abc0c089a8f380469a6a62c8  2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm \n 7395d0e10c1938be16261baba05da55c  2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 71a69804b928a9f7856f65fee332c5ab  2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm\n e9c5d1d4895a5a679945bde62df6f988  2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 7f2d66839f93e2083dcd1b1f27ca4ddf  2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 40408ffdf13faa6c79b28c764bb88b22  2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm \n 7395d0e10c1938be16261baba05da55c  2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2009.0:\n 2512f6a41e9a8e7bcff53e5737029689  2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm\n d7774faaed2866da5bb05cbcf07604da  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n ed99160bdf1ce33fa81dc47c71915318  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n 6116fafed014596ee1e6ec43db93133f  2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm \n 8ad6b0d8aff3bb992d716668450aef3a  2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n d2cc04fc0bdaeea8e4cc5d7ab4e997fd  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm\n b537da3113c75f87c4fa8d66be2d6797  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n ef9add2bec302b324b9c0690cf79b57c  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n 16b8c11f4d6dedf2e4176bfc55607c15  2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm \n 8ad6b0d8aff3bb992d716668450aef3a  2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Corporate 3.0:\n 5e8f4b7c1e646d0e16af2d83238a011b  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n 5115d911b9a6842fd0c3495429c7c2f2  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm\n b934b4f9686deef6cb1eba750ab36288  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm\n 11ec8a4df261d4d4fa9957d33be08604  corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n dcd1a4feb1a04302c54465dce7c7c506  corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 64521521330df90b42c9c37cafe50b54  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm\n 3a85c30c0511e42ec76c80e08efe5192  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 12af66f30c5022d8d29b57a9131458c3  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 62f5c54be99ddc9458670ae04b24d3f0  corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm \n dcd1a4feb1a04302c54465dce7c7c506  corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 4.0:\n 60c64d9ead2b01fb39058a705fcb95dc  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm\n fb4d5555c211b375707bf7d194e74776  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n c13ff967b4310e5a790e85595f940b7e  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n e9a96a389c00ee674d689e3747c3e501  corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f  corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n de71d0bbc98589afdf03b7a99aad7103  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 0c330148b55987e50f491c7e4d3b65a5  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n ce64720b2685fada3e88a5725c43b532  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 29f0f40602184d7f366e1d1d8e5c03e4  corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f  corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 74a4beac1c01f9fd888dd5eea356f7be  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n c809a08f26051c7a3931ccda00c94429  mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n 8ae9f7004b77dca2317980ba4215dc92  mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP\nZE8i9Ju80WcdhXe9yIoPevE=\n=9n1t\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "PACKETSTORM",
        "id": "73670"
      },
      {
        "db": "PACKETSTORM",
        "id": "77647"
      },
      {
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "db": "PACKETSTORM",
        "id": "73658"
      },
      {
        "db": "PACKETSTORM",
        "id": "73698"
      },
      {
        "db": "PACKETSTORM",
        "id": "90746"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-5077",
        "trust": 3.1
      },
      {
        "db": "OCERT",
        "id": "OCERT-2008-016",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "33150",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "35108",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "39005",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33338",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33557",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33673",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33394",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33436",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "34211",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "35074",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "33765",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA09-133A",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0289",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0362",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0913",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1297",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0558",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0904",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0040",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1338",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1021523",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "73670",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77647",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76261",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "73658",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "73698",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90746",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "PACKETSTORM",
        "id": "73670"
      },
      {
        "db": "PACKETSTORM",
        "id": "77647"
      },
      {
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "db": "PACKETSTORM",
        "id": "73658"
      },
      {
        "db": "PACKETSTORM",
        "id": "73698"
      },
      {
        "db": "PACKETSTORM",
        "id": "90746"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "id": "VAR-200901-0714",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      }
    ]
  },
  "last_update_date": "2024-07-23T20:15:05.042000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "F5 FirePass OpenSSL \\\"EVP_VerifyFinal()\\\" Spoofing Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/230"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=837653"
      },
      {
        "trust": 1.3,
        "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2009-038.htm"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openssl.org/news/secadv_20090107.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33338"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33394"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33436"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33557"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33673"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/33765"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/34211"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/35074"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/35108"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/39005"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.544796"
      },
      {
        "trust": 1.0,
        "url": "http://support.apple.com/kb/ht3549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2009-0004.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/33150"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id?1021523"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0004.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0040"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0289"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0362"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0558"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0904"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0913"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/1297"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/1338"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6380"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9155"
      },
      {
        "trust": 1.0,
        "url": "https://usn.ubuntu.com/704-1/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5077"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata43.html#007_openssl"
      },
      {
        "trust": 0.3,
        "url": "http://eid.belgium.be"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76646"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=351"
      },
      {
        "trust": 0.3,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=654656"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote.php?ver=471"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479650"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/499827"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/499855"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/11000/500/sol11503.html?sr=10949137"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata44.html#007_openssl"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2009-057.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2009-116.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.isc.org/node/373"
      },
      {
        "trust": 0.3,
        "url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01743291"
      },
      {
        "trust": 0.3,
        "url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02227287\u0026admit=109447627+1276778491548+28353475"
      },
      {
        "trust": 0.3,
        "url": "http://www.mail-archive.com/openssl-users@openssl.org/msg55534.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2009-0046.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9762.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5077"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-09:02.openssl.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-09:02/openssl6.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-09:02/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-09:02/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-09:02/openssl6.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-8300d57bb5424791b0e61652e8"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-b35b8e125d17427fa8a74e9ef6"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-d7bcce2dc82d43daaec308eb40"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5814"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx-1008408.tgz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0025"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008409"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008413"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2712"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2712"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4101"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008415"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3432"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008416"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx303-200903403-sg.zip"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx303-200903406-sg.zip"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx303-200903405-sg.zip"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008408"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx-1008409.tgz"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4101"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1008406"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3432"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0025"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2953"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2953"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx-1008406.tgz"
      },
      {
        "trust": 0.1,
        "url": "http://gridengine.sunsource.net/"
      },
      {
        "trust": 0.1,
        "url": "https://www.isc.org/products/bind"
      },
      {
        "trust": 0.1,
        "url": "http://www.openevidence.org/"
      },
      {
        "trust": 0.1,
        "url": "http://eid.belgium.be/"
      },
      {
        "trust": 0.1,
        "url": "http://ocert.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0025"
      },
      {
        "trust": 0.1,
        "url": "http://gale.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zxid.org/"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20090107.txt"
      },
      {
        "trust": 0.1,
        "url": "http://lasso.entrouvert.org/"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.google.com/codesearch/p?#1vgzyqx--lu/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ntp.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0590"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "PACKETSTORM",
        "id": "73670"
      },
      {
        "db": "PACKETSTORM",
        "id": "77647"
      },
      {
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "db": "PACKETSTORM",
        "id": "73658"
      },
      {
        "db": "PACKETSTORM",
        "id": "73698"
      },
      {
        "db": "PACKETSTORM",
        "id": "90746"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "db": "BID",
        "id": "33150"
      },
      {
        "db": "PACKETSTORM",
        "id": "73670"
      },
      {
        "db": "PACKETSTORM",
        "id": "77647"
      },
      {
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "db": "PACKETSTORM",
        "id": "73658"
      },
      {
        "db": "PACKETSTORM",
        "id": "73698"
      },
      {
        "db": "PACKETSTORM",
        "id": "90746"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "date": "2009-01-07T00:00:00",
        "db": "BID",
        "id": "33150"
      },
      {
        "date": "2009-01-07T22:43:21",
        "db": "PACKETSTORM",
        "id": "73670"
      },
      {
        "date": "2009-05-19T23:02:50",
        "db": "PACKETSTORM",
        "id": "77647"
      },
      {
        "date": "2009-04-01T22:24:06",
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "date": "2009-01-07T20:17:20",
        "db": "PACKETSTORM",
        "id": "73658"
      },
      {
        "date": "2009-01-09T20:52:12",
        "db": "PACKETSTORM",
        "id": "73698"
      },
      {
        "date": "2010-06-18T02:05:35",
        "db": "PACKETSTORM",
        "id": "90746"
      },
      {
        "date": "2009-01-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "date": "2009-01-07T17:30:00.327000",
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      },
      {
        "date": "2015-04-13T22:13:00",
        "db": "BID",
        "id": "33150"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      },
      {
        "date": "2018-10-11T20:53:40.550000",
        "db": "NVD",
        "id": "CVE-2008-5077"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 FirePass OpenSSL has an unknown vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0376"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-055"
      }
    ],
    "trust": 0.6
  }
}

var-200411-0173
Vulnerability from variot

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. The vulnerability is OpenSSL Applications and systems that use the library may also be affected. For more detailed information about other systems NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please check also.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.

TITLE: Fedora update for openssl096b

SECUNIA ADVISORY ID: SA17381

VERIFY ADVISORY: http://secunia.com/advisories/17381/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: Fedora Core 3 http://secunia.com/product/4222/

DESCRIPTION: Fedora has issued an update for openssl096b. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA10133 SA11139

SOLUTION: Apply updated packages.

Fedora Core 3: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm 54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm 56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm 56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm 93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm

OTHER REFERENCES: SA10133: http://secunia.com/advisories/10133/

SA11139: http://secunia.com/advisories/11139/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0173",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "propack",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.1"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.04"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.00"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "okena stormwatch",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.1.3"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.1.2"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.4"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "4.0"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.03"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "10000_r2.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc3"
      },
      {
        "model": "provider-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "4.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.2_.111"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.1.02"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.00"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "2000_r2.0.1"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_3.0"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0.1"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(3\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "application and content networking software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "css11000 content services switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "*"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.01.05.08"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.10"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "8.5.12a"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.02"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(1\\)"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.109\\)"
      },
      {
        "model": "clientless vpn gateway 4400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "5.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4.101\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(1\\)"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "100_r2.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3.1"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.10_.0.06s"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0_build_7592"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.01"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.30"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2.2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3\\)"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_2.0"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.1_build_2129"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3210"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.0"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2_0.0.03"
      },
      {
        "model": "content services switch 11500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2\\)"
      },
      {
        "model": "crypto accelerator 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "8.05"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5.1.46"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "500"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(2\\)"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5.1_build_5336"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e12"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "aaa server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "gss 4480 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5000_r2.0.1"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1_\\(0.208\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e14"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc1"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2za"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3_rc2"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.01"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.1"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.2"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2_rc1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.12"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.3"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "*"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.00"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4\\)"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "7500_r2.0.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.40"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5x"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1_\\(3.005\\)"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.3"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(5\\)"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.10_b4"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.102\\)"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.1.1"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "2.0"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.20"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.1"
      },
      {
        "model": "access registrar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3.100\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy1"
      },
      {
        "model": "gss 4490 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e9"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2sy"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6b-3"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "speed technologies litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lite",
        "version": "1.2_rc2"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3400"
      },
      {
        "model": "mds 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1.02"
      },
      {
        "model": "threat response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6-15"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "vsx_ng_with_application_intelligence"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(2\\)"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.2.06"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.7a-2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netscreen",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "vine linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vine linux",
        "version": "2.5"
      },
      {
        "model": "vine linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vine linux",
        "version": "2.6"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1000 v1.0"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1000 v1.1"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4000 v1.0"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "500"
      },
      {
        "model": "netscreen idp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "2.0 - 2.1r6"
      },
      {
        "model": "netscreen ive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "turbolinux advanced server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.1"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.0"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "firewall-1 gx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "v2.0"
      },
      {
        "model": "provider-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng and later"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng and later"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "vsx ng with application intelligence"
      },
      {
        "model": "trendmicro interscan viruswall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "3.81"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux aaa server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "a.06.01.02.04"
      },
      {
        "model": "hp-ux aaa server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "a.06.01.02.06"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "ipcom series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( for details"
      },
      {
        "model": "ipcom series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "check the information provided by the vendor. )"
      },
      {
        "model": "netshelter series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( for details"
      },
      {
        "model": "netshelter series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "check the information provided by the vendor. )"
      },
      {
        "model": "netwatcher",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "( sensor device )"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7110"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7115"
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7117"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sg208",
        "scope": null,
        "trust": 0.6,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.07592"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.12129"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "clientless vpn gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44005.0"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "40001.0"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.24"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.23"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.04"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.03"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.01"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.3"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.1"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0"
      },
      {
        "model": "openssl096b-0.9.6b-3.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl096-0.9.6-15.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-perl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-devel-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "hat fedora core3",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.2"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.0"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.1"
      },
      {
        "model": "litespeed web server rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.1"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.1"
      },
      {
        "model": "wbem a.02.00.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.02.00.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.01.05.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.5"
      },
      {
        "model": "aaa server",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.13"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.12"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.1"
      },
      {
        "model": "webns .0.06s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20.0.03"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.2.06"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.1.02"
      },
      {
        "model": "webns b4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.109)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.102)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2.111"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3.100)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.5"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4.101)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "ios 12.2za",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(0.208)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(3.005)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "call manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 gx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "2.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.12"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7500"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5x0"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "50"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "100"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity r5 r5.1.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity audix r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "intuity s3400",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity s3210",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "gsx server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.2"
      },
      {
        "model": "stonegate sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.12"
      },
      {
        "model": "stonegate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5x86"
      },
      {
        "model": "stonegate ibm zseries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5"
      },
      {
        "model": "computing sidewinder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.10"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "4.1"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.2"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.14"
      },
      {
        "model": "threat response",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "point software vpn-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "webstar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "4d",
        "version": "5.3.2"
      },
      {
        "model": "oneworld xe/erp8 applications sp22",
        "scope": null,
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": null
      },
      {
        "model": "enterpriseone applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.93"
      },
      {
        "model": "enterpriseone applications sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.9"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.6"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.5"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.4"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.3"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.2"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Litchfield\u203b david@nextgenss.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0081",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2004-0081",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-8511",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0081",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#465542",
            "trust": 0.8,
            "value": "5.16"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200411-078",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8511",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.  This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. The vulnerability is OpenSSL Applications and systems that use the library may also be affected. For more detailed information about other systems NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please check also.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. \nThe second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database. \n\nTITLE:\nFedora update for openssl096b\n\nSECUNIA ADVISORY ID:\nSA17381\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17381/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nFedora Core 3\nhttp://secunia.com/product/4222/\n\nDESCRIPTION:\nFedora has issued an update for openssl096b. This fixes some\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). \n\nFor more information:\nSA10133\nSA11139\n\nSOLUTION:\nApply updated packages. \n\nFedora Core 3:\nhttp://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/\n\n8d68e4b430aa7c5ca067c12866ae694e\nSRPMS/openssl096b-0.9.6b-21.42.src.rpm\n54a9e78a2fdd625b9dc9121e09eb4398\nx86_64/openssl096b-0.9.6b-21.42.x86_64.rpm\nc5c6174e23eba8d038889d08f49231b8\nx86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm\n56b63fc150d0c099b2e4f0950e21005b\nx86_64/openssl096b-0.9.6b-21.42.i386.rpm\n56b63fc150d0c099b2e4f0950e21005b\ni386/openssl096b-0.9.6b-21.42.i386.rpm\n93195495585c7e9789041c75b1ed5380\ni386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm\n\nOTHER REFERENCES:\nSA10133:\nhttp://secunia.com/advisories/10133/\n\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#465542",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "9899",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA04-078A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "11139",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1009458",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "15509",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "13139",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41200",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17381",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41105",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "id": "VAR-200411-0173",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      }
    ],
    "trust": 0.52271296
  },
  "last_update_date": "2023-12-18T11:48:29.371000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL Vulnerability",
        "trust": 0.8,
        "url": "http://www.checkpoint.com/services/techsupport/alerts/openssl.html"
      },
      {
        "title": "HPSBUX01011",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00897351"
      },
      {
        "title": "HPSBUX01011",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01011.html"
      },
      {
        "title": "NetScreen Advisory 58466",
        "trust": 0.8,
        "url": "http://www.juniper.net/support/security/alerts/adv58466-2.txt"
      },
      {
        "title": "openssl096",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=155"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "title": "RHSA-2004:121",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-121.html"
      },
      {
        "title": "RHSA-2004:120",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-120.html"
      },
      {
        "title": "20040304-01-U",
        "trust": 0.8,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "title": "57571",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-1"
      },
      {
        "title": "57524",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-1"
      },
      {
        "title": "57571",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-3"
      },
      {
        "title": "57524",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-3"
      },
      {
        "title": "19387",
        "trust": 0.8,
        "url": "http://kb.trendmicro.com/solutions/solutiondetail.asp?solutionid=19387"
      },
      {
        "title": "TLSA-2004-9",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2004/tlsa-2004-9.txt"
      },
      {
        "title": "OpenSSL \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www.checkpoint.co.jp/techsupport/alerts/openssl.html"
      },
      {
        "title": "RHSA-2004:120",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-120j.html"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-119j.html"
      },
      {
        "title": "openssl \u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://vinelinux.org/errata/25x/20040319-1.html"
      },
      {
        "title": "TLSA-2004-9",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2004/tlsa-2004-9j.txt"
      },
      {
        "title": "IPCOM\u30b7\u30ea\u30fc\u30ba\u306eOpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://primeserver.fujitsu.com/ipcom/support/security20040325/"
      },
      {
        "title": "[\u91cd\u8981] OpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://jp.fujitsu.com/support/security/backnumber/2004/0325/"
      },
      {
        "title": "224012",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/niscc.html#224012-openssl"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169015"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/9899"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/465542"
      },
      {
        "trust": 2.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-465"
      },
      {
        "trust": 1.7,
        "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
      },
      {
        "trust": 1.7,
        "url": "http://fedoranews.org/updates/fedora-2004-095.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11755"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a871"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a902"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-139.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/11139"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
      },
      {
        "trust": 1.7,
        "url": "http://www.trustix.org/errata/2004/0012"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
      },
      {
        "trust": 1.1,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/chngview?cn=5721"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/chngview?cn=5722"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/getfile?v=1.618.2.137\u0026f=openssl/changes"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/getfile?v=1.954\u0026f=openssl/changes"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0081"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/15509"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-224012"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-078a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-078a"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0081"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20040318_082932.html"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
      },
      {
        "trust": 0.3,
        "url": "http://www.4d.com/products/4dwsv.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
      },
      {
        "trust": 0.3,
        "url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3123.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-10.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.litespeedtech.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/357672"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/395699"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/11139/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=107955049331965\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403850228012\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/48/"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1326/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1306/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1044/"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4222/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17381/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/10133/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "date": "2004-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "date": "2005-11-03T01:02:14",
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "date": "2005-11-02T01:11:22",
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "date": "2004-11-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#465542"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8511"
      },
      {
        "date": "2015-03-19T08:20:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2006-05-05T23:30:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000087"
      },
      {
        "date": "2021-11-08T15:48:31.743000",
        "db": "NVD",
        "id": "CVE-2004-0081"
      },
      {
        "date": "2021-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-078"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL does not properly handle unknown message types",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#465542"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "13139"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1114
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project

Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers()

Category: contrib Module: openssl Announced: 2007-10-03 Credits: Moritz Jodeit Affects: All FreeBSD releases. Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.

III.

IV. Workaround

No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

2) To patch your present system:

The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/secure/lib/libssl

make obj && make depend && make && make install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch Revision Path

RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2

VII. References

http://marc.info/?l=bugtraq&m=119091888624735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS cNFjW3j2eolZhlee83l3blo= =zwC2 -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code. Additionally Dr.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-07:08.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Buffer overflow in OpenSSL SSL_get_shared_ciphers()\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2007-10-03\nCredits:        Moritz Jodeit\nAffects:        All FreeBSD releases. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found\nto be incorrectly fixed. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII. References\n\nhttp://marc.info/?l=bugtraq\u0026m=119091888624735\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135\n\nThe latest revision of this advisory is available at\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (FreeBSD)\n\niD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS\ncNFjW3j2eolZhlee83l3blo=\n=zwC2\n-----END PGP SIGNATURE-----\n. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. Additionally Dr. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59797",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200609-1114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-05-25T22:24:46.235000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-10-05T05:29:31",
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  }
}

var-201506-0231
Vulnerability from variot

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause a denial of service (crash). This could allow remote attackers to cause a denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u17.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.0.2b-1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05184351

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05184351 Version: 1

HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-07-05 Last Updated: 2016-07-05

Potential Security Impact: Remote Denial of Service (DoS), Unauthorized Access

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.

Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2014-8176
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-1788
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1789
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1790
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1791
  5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2015-1792
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1793
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI

d=emr_na-c01345499

RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in the HP network products including iMC, VCX, Comware 5 and Comware 7.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P01
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P01
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1809P11
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P17
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1516
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P14
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2-48 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG315A HP 3100-48 v2 Switch
    • JG315B HP 3100-48 v2 Switch
  • HP870 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P46
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P46
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P46
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: R3181P07
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: R3811P05
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: R3820P06
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC165A) HP 6600 RPE-X1 Router Module
    • JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC176A) HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1111
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1109
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1516
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1108
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7376
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7170
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1138P01
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0321P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2138P01
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 5700 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7170
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

  • iMC Plat - Version: iMC Plat 7.1 E0303P16
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
    • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
    • JG659AAE HP IMC Smart Connect VAE E-LTU
    • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
    • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • iMC NSM - Version: iMC WSM 7.1 E0303P10
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.18
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD)

iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

Please download the latest version of HPE Version Control Repository Manager (VCRM) (7.5.1) from the following location:

VCRM for Windows:

https://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4

VCRM for Linux is only available only with HPE Systems Insight Manager (HPE SIM):

https://www.hp.com/go/sim

HISTORY Version:1 (rev.1) - 12 May 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.11"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.15"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.18"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5.0.6"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.04"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.3"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.8"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.11"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud provisioning for software virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.4"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "tivoli netcool system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.28"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.8"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.3"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.4"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.5"
      },
      {
        "model": "smartcloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.7"
      },
      {
        "model": "db2 developer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.9"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.16"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.10"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.12"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "mobile connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.17"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "spectrum scale",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 purescale feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.0"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.6"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.19"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.07"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "db2 purescale feature for enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "gpfs storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.1"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joseph Birr-Pixton",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1788",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1788",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1788",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1788",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. This could allow remote attackers to cause a denial of service\n    (crash) or potentially execute arbitrary code. This\n    could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of\n    service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause\n    a denial of service (crash). This could allow remote attackers to cause\n    a denial of service. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05184351\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05184351\nVersion: 1\n\nHPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware\nusing OpenSSL, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-07-05\nLast Updated: 2016-07-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized\nAccess\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in OpenSSL have been addressed with HPE\nnetwork products including iMC, VCX, Comware 5 and Comware 7. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2014-8176\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1788\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1789\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1790\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1791\n      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1792\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1793\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\n      6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\n      https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in the HP network products including iMC, VCX, Comware 5 and\nComware 7. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-06-12\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n   o Race condition handling NewSessionTicket (CVE-2015-1791)\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nPlease download the latest version of HPE Version Control Repository Manager\n(VCRM) (7.5.1) from the following location:\n\nVCRM for Windows:\n\nhttps://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4\n\nVCRM for Linux is only available only with HPE Systems Insight Manager (HPE\nSIM):\n\nhttps://www.hp.com/go/sim\n\nHISTORY\nVersion:1 (rev.1) - 12 May 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788",
        "trust": 2.9
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "75158",
        "trust": 1.4
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "id": "VAR-201506-0231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T20:32:53.570000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1788",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1788"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75158"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963362"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022797"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962047"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962550"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962833"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961111"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961565"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962714"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962890"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964766"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967146"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969177"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969271"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972125"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974116"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000137"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978471"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022618"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005364"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965643"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2015-06-15T15:43:16",
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-12T19:59:01.600000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2018-10-08T08:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2022-12-13T12:15:14.860000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/bn/bn_gf2m.c of  BN_GF2m_mod_inv Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  }
}

var-201810-0932
Vulnerability from variot

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz

Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Low: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2019:3700-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3700 Issue date: 2019-11-05 CVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

The following packages have been upgraded to a later upstream version: openssl (1.1.1c).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1668880 - ec man page lists -modulus but the tool doesn't support it 1686058 - specifying digest for signing time-stamping responses is mandatory 1686548 - Incorrect handling of fragmented KeyUpdate messages 1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces 1697915 - Race/segmentation fault on process shutdown in OpenSSL 1706104 - openssl asn1parse crashes with double free or corruption (!prev) 1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random 1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default 1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level

  1. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: openssl-1.1.1c-2.el8.src.rpm

aarch64: openssl-1.1.1c-2.el8.aarch64.rpm openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-debugsource-1.1.1c-2.el8.aarch64.rpm openssl-devel-1.1.1c-2.el8.aarch64.rpm openssl-libs-1.1.1c-2.el8.aarch64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-perl-1.1.1c-2.el8.aarch64.rpm

ppc64le: openssl-1.1.1c-2.el8.ppc64le.rpm openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm openssl-devel-1.1.1c-2.el8.ppc64le.rpm openssl-libs-1.1.1c-2.el8.ppc64le.rpm openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-perl-1.1.1c-2.el8.ppc64le.rpm

s390x: openssl-1.1.1c-2.el8.s390x.rpm openssl-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-debugsource-1.1.1c-2.el8.s390x.rpm openssl-devel-1.1.1c-2.el8.s390x.rpm openssl-libs-1.1.1c-2.el8.s390x.rpm openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-perl-1.1.1c-2.el8.s390x.rpm

x86_64: openssl-1.1.1c-2.el8.x86_64.rpm openssl-debuginfo-1.1.1c-2.el8.i686.rpm openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-debugsource-1.1.1c-2.el8.i686.rpm openssl-debugsource-1.1.1c-2.el8.x86_64.rpm openssl-devel-1.1.1c-2.el8.i686.rpm openssl-devel-1.1.1c-2.el8.x86_64.rpm openssl-libs-1.1.1c-2.el8.i686.rpm openssl-libs-1.1.1c-2.el8.x86_64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-perl-1.1.1c-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2018-0735 https://access.redhat.com/security/cve/CVE-2019-1543 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm eqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3 jXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/ thxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs 89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz hVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i WnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B MXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL uGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02 mPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY pdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F 82vSbeKouJA= =mdzd -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018

openssl, openssl1.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2018-0734)

Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". (CVE-2018-5407)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1

Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27

After a standard system update you need to reboot your computer to make all the necessary changes.

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix is also available in commit 8abfe72e8c (for 1.1.1), ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL git repository.

As a result of the changes made to mitigate this vulnerability, a new side channel attack was created. The mitigation for this new vulnerability can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0) and 880d1c76ed (for 1.0.2)

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20181030.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0932",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "e-business suite technology stack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "0.9.8"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0i"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.14.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "e-business suite technology stack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "e-business suite technology stack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.1.0.0"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "cn1610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "11.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "11.3.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "*"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "storage automation store",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "steelstore",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.8.1"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2p"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.15.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2p",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.0i",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.1",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.15.0",
                "versionStartIncluding": "6.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.14.0",
                "versionStartIncluding": "8.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.3",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat,Samuel Weiser.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-0734",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-118936",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-0734",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0734",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118936",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-0734",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269  openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8  openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483  openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca  openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7  openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb  openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c  openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573  openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6  openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9  openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30  openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559  openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536  a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7  n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac  a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c  n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: openssl security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:3700-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3700\nIssue date:        2019-11-05\nCVE Names:         CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nThe following packages have been upgraded to a later upstream version:\nopenssl (1.1.1c). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1668880 - ec man page lists -modulus but the tool doesn\u0027t support it\n1686058 - specifying digest for signing time-stamping responses is mandatory\n1686548 - Incorrect handling of fragmented KeyUpdate messages\n1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces\n1697915 - Race/segmentation fault on process shutdown in OpenSSL\n1706104 - openssl asn1parse crashes with double free or corruption (!prev)\n1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random\n1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default\n1714245 - DSA ciphers in TLS don\u0027t work with SHA-1 signatures even in LEGACY level\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssl-1.1.1c-2.el8.src.rpm\n\naarch64:\nopenssl-1.1.1c-2.el8.aarch64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-debugsource-1.1.1c-2.el8.aarch64.rpm\nopenssl-devel-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-perl-1.1.1c-2.el8.aarch64.rpm\n\nppc64le:\nopenssl-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debugsource-1.1.1c-2.el8.ppc64le.rpm\nopenssl-devel-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-perl-1.1.1c-2.el8.ppc64le.rpm\n\ns390x:\nopenssl-1.1.1c-2.el8.s390x.rpm\nopenssl-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-debugsource-1.1.1c-2.el8.s390x.rpm\nopenssl-devel-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-perl-1.1.1c-2.el8.s390x.rpm\n\nx86_64:\nopenssl-1.1.1c-2.el8.x86_64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-debugsource-1.1.1c-2.el8.i686.rpm\nopenssl-debugsource-1.1.1c-2.el8.x86_64.rpm\nopenssl-devel-1.1.1c-2.el8.i686.rpm\nopenssl-devel-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-1.1.1c-2.el8.i686.rpm\nopenssl-libs-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-perl-1.1.1c-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2018-0735\nhttps://access.redhat.com/security/cve/CVE-2019-1543\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm\neqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3\njXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/\nthxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs\n89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz\nhVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i\nWnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B\nMXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL\nuGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02\nmPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY\npdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F\n82vSbeKouJA=\n=mdzd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3840-1\nDecember 06, 2018\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as \"PortSmash\". (CVE-2018-5407)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  libssl1.0.0                     1.0.2n-1ubuntu6.1\n  libssl1.1                       1.1.1-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n  libssl1.0.0                     1.0.2n-1ubuntu5.2\n  libssl1.1                       1.1.0g-2ubuntu4.3\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.14\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix is also available in commit 8abfe72e8c (for 1.1.1),\nef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL\ngit repository. \n\nAs a result of the changes made to mitigate this vulnerability, a new\nside channel attack was created.  The mitigation for this new vulnerability\ncan be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0)\nand 880d1c76ed (for 1.0.2)\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181030.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169667"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0734",
        "trust": 2.5
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-17",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-16",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "105758",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155414",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0660",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0960",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0481",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0514",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3390.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4251",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4403",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0644.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4753",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0102",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0529",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "150683",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "155160",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "155417",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "150437",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155416",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-118936",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169667",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "id": "VAR-201810-0932",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:55:35.727000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86419"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory"
      },
      {
        "title": "Red Hat: Low: openssl security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193700 - security advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1153",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1153"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1153",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1153"
      },
      {
        "title": "Red Hat: CVE-2018-0734",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-0734"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-0734"
      },
      {
        "title": "Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7cc6b04edacd67d6e5bf27bd36f54217"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1362",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-7"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-6"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-5] openssl: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-5"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-8"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=089729287496a632fa4c42658b60b635"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b0880c0fe7c1c2995382c68ba0fd928"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf4a61aab0614bc21bae17e61513abdc"
      },
      {
        "title": "IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9f92a5713223095107b36bb14efd3013"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36f1dd66164e22918d817553be91620"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bcd3c8de23a34fb577cecdb0096912bf"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL vunerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f89f8f6307af3f9e5b1f4d0ffb1a9677"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4f65fc12e5864fd96d0965bd485769d5"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=96f2e72442af5a4308e4a45305db78b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e4ca493bfda92c5355c98328872a84e5"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddeebd7237369bd2318e4087834121a5"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-16"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4f5f12bea67642140a5af636a3850c79"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fda6d001f041b9b0a29d906059d798b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c7313d7a6ba5364a603c214269588feb"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=35f40c202a57607f29c0bb486da6ea8a"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-17"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d3d3f316d14423d9850192f1d5f20a1b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d04b79d120c8d1de061ffc3f57258fcb"
      },
      {
        "title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160"
      },
      {
        "title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the January 2019 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=996600102cb3180bfad1fcc5c68a4d77"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-0734 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/qi-zhan/ps3 "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-320",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.securityfocus.com/bid/105758"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3932"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3935"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:3933"
      },
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv/20181030.txt"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:2304"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:3700"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3840-1/"
      },
      {
        "trust": 1.8,
        "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2018-16"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2018-17"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2018/dsa-4348"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2018/dsa-4355"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=43e6a58d4991a451daf4891ff05a48735df871ac"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.6,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "trust": 0.6,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/cl102.txt"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/openssl/openssl/commit/43e6a58d4991a451daf4891ff05a48735df871ac"
      },
      {
        "trust": 0.6,
        "url": "https://support.symantec.com/us/en/article.symsa1490.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1284802"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115655"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115643"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170328"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170340"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170334"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170322"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170352"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170346"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1116357"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1142626"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115649"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76338"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10875298"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76414"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1138588"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/3517185"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1167202"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77674"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0491/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75658"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4251/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0529/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4753/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-2/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10794861"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1143442"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1169938"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75802"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59087"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1543"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3840-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "date": "2018-11-22T23:23:23",
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "date": "2019-11-20T23:02:22",
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "date": "2019-11-20T21:11:11",
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "date": "2018-12-03T21:06:37",
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "date": "2019-11-06T15:56:37",
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "date": "2018-12-07T01:03:36",
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "date": "2018-10-30T12:12:12",
        "db": "PACKETSTORM",
        "id": "169667"
      },
      {
        "date": "2018-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "date": "2018-10-30T12:29:00.257000",
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118936"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0734"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      },
      {
        "date": "2023-11-07T02:51:05.217000",
        "db": "NVD",
        "id": "CVE-2018-0734"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Encryption problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1435"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0077
Vulnerability from variot

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Note : This issue is the result of an incomplete fix for the issue described in 57778 (Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability) OpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. OpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2016-2105 - Remote Denial of Service (DoS)
  • CVE-2016-2106 - Remote Denial of Service (DoS)
  • CVE-2016-2107 - Remote disclosure of sensitive information
  • CVE-2016-2108 - Remote Denial of Service (DoS)
  • CVE-2016-2109 - Remote Denial of Service (DoS)
  • CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 10500 (Comware 7) - Version: R7184
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5900/5920 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR1000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR2000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR3000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR4000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • VSR (Comware 7) - Version: E0324
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7900 (Comware 7) - Version: R2152
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130 (Comware 7) - Version: R3115
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6125XLG - Version: R2422P02
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6127XLG - Version: R2422P02
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • Moonshot - Version: R2432
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5700 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5930 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 1950 (Comware 7) - Version: R3115
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7500 (Comware 7) - Version: R7184
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5510HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5940 - Version: R2509
    • HP Network Products
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5950 - Version: R6123
    • HP Network Products
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch
  • 12900E (Comware 7) - Version: R2609
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

iMC Products

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176
  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE) 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2) 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16) 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33) 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE) 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41) CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected.

III.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.x]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1.

A security vulnerability in QEMU was addressed by HPE Helion OpenStack. The vulnerability could be exploited resulting in local unauthorized data access.

References:

CVE-2016-2108 CVE-2016-2107 CVE-2016-3710 PSRT110142

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

6. OpenSSL Security Advisory [3rd May 2016]

Memory corruption in the ASN.1 encoder (CVE-2016-2108)

Severity: High

This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.

In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug.

However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.

Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.

Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.

OpenSSL 1.0.2 users should upgrade to 1.0.2c OpenSSL 1.0.1 users should upgrade to 1.0.1o

This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.

The fix for the "negative zero" memory corruption bug can be identified by commits

3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)

Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.

This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team.

EVP_EncodeUpdate overflow (CVE-2016-2105)

Severity: Low

An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption.

Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio family of functions. These are mainly used within the OpenSSL command line applications. These internal uses are not considered vulnerable because all calls are bounded with length checks so no overflow is possible. User applications that call these APIs directly with large amounts of untrusted data may be vulnerable. (Note: Initial analysis suggested that the PEM_write_bio were vulnerable, and this is reflected in the patch commit message. This is no longer believed to be the case).

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

EVP_EncryptUpdate overflow (CVE-2016-2106)

Severity: Low

An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls this function directly.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Severity: Low

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.

Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are not affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team.

EBCDIC overread (CVE-2016-2176)

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160503.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0077",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.0.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.1"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2.1.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.14"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.3"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.11.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.1.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.45"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.3"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2.0.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1.2"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.216"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "tivoli netcool system service monitors fp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "buildforge",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "xenserver common criteria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.11"
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "netezza platform software 7.1.0.9-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "sterling connect:direct for hp nonstop ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6.0.1030"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.12"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "helion openstack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos tm1 fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "life sciences data hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.3"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.10"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.16"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "netezza platform software 7.2.0.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.2"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "light",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.2"
      },
      {
        "model": "life sciences data hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2-4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.2"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "netezza platform software 7.2.1.2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.5"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "xenserver service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.21"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.15"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.6"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.4"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.7"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.2"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.5"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "rational tau interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "900"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0.0"
      },
      {
        "model": "communications eagle lnp application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.4.4"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "infosphere information server on cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "mq appliance m2001",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.21"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.9"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "netezza platform software 7.2.1.1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "sun ray operating software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.7"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.1"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.126"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.2"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.3"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.5"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.1"
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.8"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.12"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.3"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.8-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.0"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.11"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.7"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0.0.3"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.9"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.6"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0.0.2"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "cognos insight fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "communications session router scz740",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.4.0"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.3"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.6"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "900"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.9"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.1"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.9"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.3"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "communications session router scz730",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.1.0"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "mq appliance m2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.3.2"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "mobile security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.7"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications session router ecz730",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.2"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xenserver service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.51"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89760"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.14",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.45",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.4",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.11.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juraj Somorovsky using TLS-Attacker",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2107",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2016-2107",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2107",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-080",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2107",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. \nNote : This issue is the result of an incomplete fix for the issue  described in 57778 (Multiple TLS And DTLS Implementations CVE-2013-0169  Information Disclosure Vulnerability)\nOpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. \nOpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nCorrected:      2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)\n                2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)\n                2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)\n                2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)\n                2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)\n                2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)\nCVE Name:       CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,\n                CVE-2016-2176\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2016-2176]\nFreeBSD does not run on any EBCDIC systems and therefore is not affected. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r299053\nreleng/9.3/                                                       r299068\nstable/10/                                                        r298999\nreleng/10.1/                                                      r299068\nreleng/10.2/                                                      r299067\nreleng/10.3/                                                      r299066\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0722-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date:        2016-05-09\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. \n    This could lead to a heap corruption. \n\nCVE-2016-2108\n\n    David Benjamin from Google discovered that two separate bugs in the\n    ASN.1 encoder, related to handling of negative zero integer values\n    and large universal tags, could lead to an out-of-bounds write. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. \n\nA security vulnerability in QEMU was addressed by HPE Helion OpenStack. The\nvulnerability could be exploited resulting in local unauthorized data access. \n\nReferences:\n\nCVE-2016-2108\nCVE-2016-2107\nCVE-2016-3710\nPSRT110142\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. OpenSSL Security Advisory [3rd May 2016]\n========================================\n\nMemory corruption in the ASN.1 encoder (CVE-2016-2108)\n======================================================\n\nSeverity: High\n\nThis issue affected versions of OpenSSL prior to April 2015. The bug\ncausing the vulnerability was fixed on April 18th 2015, and released\nas part of the June 11th 2015 security releases. The security impact\nof the bug was not known at the time. \n\nIn previous versions of OpenSSL, ASN.1 encoding the value zero\nrepresented as a negative integer can cause a buffer underflow\nwith an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does\nnot normally create \"negative zeroes\" when parsing ASN.1 input, and\ntherefore, an attacker cannot trigger this bug. \n\nHowever, a second, independent bug revealed that the ASN.1 parser\n(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag\nas a negative zero value. Large universal tags are not present in any\ncommon ASN.1 structures (such as X509) but are accepted as part of ANY\nstructures. \n\nTherefore, if an application deserializes untrusted ASN.1 structures\ncontaining an ANY field, and later reserializes them, an attacker may\nbe able to trigger an out-of-bounds write. This has been shown to\ncause memory corruption that is potentially exploitable with some\nmalloc implementations. \n\nApplications that parse and re-encode X509 certificates are known to\nbe vulnerable. Applications that verify RSA signatures on X509\ncertificates may also be vulnerable; however, only certificates with\nvalid signatures trigger ASN.1 re-encoding and hence the\nbug. Specifically, since OpenSSL\u0027s default TLS X509 chain verification\ncode verifies the certificate chain from root to leaf, TLS handshakes\ncould only be targeted with valid certificates issued by trusted\nCertification Authorities. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2c\nOpenSSL 1.0.1 users should upgrade to 1.0.1o\n\nThis vulnerability is a combination of two bugs, neither of which\nindividually has security impact. The first bug (mishandling of\nnegative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala\n(Red Hat) and independently by Hanno B\u00f6ck in April 2015. The second\nissue (mishandling of large universal tags) was found using libFuzzer,\nand reported on the public issue tracker on March 1st 2016. The fact\nthat these two issues combined present a security vulnerability was\nreported by David Benjamin (Google) on March 31st 2016. The fixes were\ndeveloped by Steve Henson of the OpenSSL development team, and David\nBenjamin.  The OpenSSL team would also like to thank Mark Brand and\nIan Beer from the Google Project Zero team for their careful analysis\nof the impact. \n\nThe fix for the \"negative zero\" memory corruption bug can be\nidentified by commits\n\n3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)\nand\n32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)\n\nPadding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n======================================================\n\nSeverity: High\n\nA MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI. \n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team. \n\nEVP_EncodeUpdate overflow (CVE-2016-2105)\n=========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. If an attacker is able to supply very large\namounts of input data then a length check can overflow resulting in a heap\ncorruption. \n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the\nPEM_write_bio* family of functions. These are mainly used within the OpenSSL\ncommand line applications. These internal uses are not considered vulnerable\nbecause all calls are bounded with length checks so no overflow is possible. \nUser applications that call these APIs directly with large amounts of untrusted\ndata may be vulnerable. (Note: Initial analysis suggested that the\nPEM_write_bio* were vulnerable, and this is reflected in the patch commit\nmessage. This is no longer believed to be the case). \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nEVP_EncryptUpdate overflow (CVE-2016-2106)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an attacker is\nable to supply very large amounts of input data after a previous call to\nEVP_EncryptUpdate() with a partial block then a length check can overflow\nresulting in a heap corruption. Following an analysis of all OpenSSL internal\nusage of the EVP_EncryptUpdate() function all usage is one of two forms. \nThe first form is where the EVP_EncryptUpdate() call is known to be the first\ncalled function after an EVP_EncryptInit(), and therefore that specific call\nmust be safe. The second form is where the length passed to EVP_EncryptUpdate()\ncan be seen from the code to be some small value and therefore there is no\npossibility of an overflow. Since all instances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this problem. \nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in\ncertain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been analysed too\nand it is believed there are no instances in internal usage where an overflow\ncould occur. \n\nThis could still represent a security issue for end user code that calls this\nfunction directly. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nASN.1 BIO excessive memory allocation (CVE-2016-2109)\n=====================================================\n\nSeverity: Low\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can casuse allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory. \n\nAny application parsing untrusted data through d2i BIO functions is affected. \nThe memory based functions such as d2i_X509() are *not* affected. Since the\nmemory based functions are used by the TLS library, TLS applications are not\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. \nThe fix was developed by Stephen Henson of the OpenSSL development team. \n\nEBCDIC overread (CVE-2016-2176)\n===============================\n\nSeverity: Low\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. This could result in\narbitrary stack data being returned in the buffer. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160503.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      },
      {
        "db": "BID",
        "id": "89760"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39768",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2107",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "89760",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39768",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.6
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.6
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2107",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136919",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136937",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137353",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169652",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "db": "BID",
        "id": "89760"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "id": "VAR-201605-0077",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43052093714285716
  },
  "last_update_date": "2024-07-22T22:40:18.127000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL AES-NI Remedial measures to achieve security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61405"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2107",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2107"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-695",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695"
      },
      {
        "title": "Citrix Security Bulletins: Citrix XenServer 7.2 Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=b7259bee9307e075caf863b54947ad7b"
      },
      {
        "title": "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=c11f24ab4065121676cfe8313127856c"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "docker-cve-2016-2107",
        "trust": 0.1,
        "url": "https://github.com/tmiklas/docker-cve-2016-2107 "
      },
      {
        "title": "SSLtest\nUsage:",
        "trust": 0.1,
        "url": "https://github.com/psc4re/ssltest "
      },
      {
        "title": "CVE-2016-2107",
        "trust": 0.1,
        "url": "https://github.com/filosottile/cve-2016-2107 "
      },
      {
        "title": "WS-TLS-Scanner\nCompiling\nRunning\nResults\nDocker",
        "trust": 0.1,
        "url": "https://github.com/rub-nds/ws-tls-scanner "
      },
      {
        "title": "TLS - what can go wrong?",
        "trust": 0.1,
        "url": "https://github.com/hannob/tls-what-can-go-wrong "
      },
      {
        "title": "OpenBSD httpd TLS Let\u0027s Encrypt configuration for perfect A+ SSLLabs score\nLicense\nAuthor",
        "trust": 0.1,
        "url": "https://github.com/krabelize/openbsd-httpd-tls-config "
      },
      {
        "title": "OpenBSD httpd TLS Let\u0027s Encrypt configuration for perfect A+ SSLLabs score\nLicense\nAuthor",
        "trust": 0.1,
        "url": "https://github.com/krabelize/openbsd-httpd-tls-perfect-ssllabs-score "
      },
      {
        "title": "Donate if you want\nHow it looks\nUsage\nWhat it can test\nWhat it won\u0027t test for you",
        "trust": 0.1,
        "url": "https://github.com/compilenix/tls-tester "
      },
      {
        "title": "OpenBSD httpd TLS Let\u0027s Encrypt configuration for perfect A+ SSLLabs score\nLicense\nAuthor",
        "trust": 0.1,
        "url": "https://github.com/krabelize/openbsd-httpd-tls-config-ssllabs "
      },
      {
        "title": "https://github.com/githuberxu/Project",
        "trust": 0.1,
        "url": "https://github.com/githuberxu/project "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 1.9,
        "url": "http://source.android.com/security/bulletin/2016-07-01.html"
      },
      {
        "trust": 1.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.9,
        "url": "http://support.citrix.com/article/ctx212736"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03728en_us"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.6,
        "url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.6,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05164862"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.6,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.6,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.6,
        "url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.6,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.6,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05386804"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.exploit-db.com/exploits/39768/"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/89760"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03726en_us"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331426"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03728en_us"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05164862"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984111"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaapqm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009106"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009281"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21982823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982949"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983514"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983555"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983909"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984446"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985981"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986054"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986460"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987707"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988081"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989958"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990141"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992894"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982814"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160503.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:17.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://helion.hpwsportal.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3710"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/releasenotes215.html"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/installation/upgrade2x_to_215.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89760"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "db": "BID",
        "id": "89760"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89760"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-05-05T16:11:49",
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-05-09T14:05:44",
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "date": "2016-05-03T22:55:47",
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "date": "2016-06-08T13:16:00",
        "db": "PACKETSTORM",
        "id": "137353"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2016-05-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "date": "2016-05-05T01:59:03.200000",
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2107"
      },
      {
        "date": "2018-10-17T07:00:00",
        "db": "BID",
        "id": "89760"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      },
      {
        "date": "2024-02-16T19:19:33.320000",
        "db": "NVD",
        "id": "CVE-2016-2107"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL AES-NI Implement security vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-080"
      }
    ],
    "trust": 0.6
  }
}

var-201507-0348
Vulnerability from variot

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity − High (Severity: High) ・ Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04760669

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04760669 Version: 1

HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam). CVE-2015-1788: Malformed ECParameters causes infinite loop. CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. CVE-2015-1790: PKCS7 crash with missing EnvelopedContent CVE-2015-1791: Race condition handling NewSessionTicket CVE-2015-1792: CMS verify infinite loop with unknown hash function CVE-2015-1793: Alternative Chain Certificate Forgery.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2 L90AnAgGXxSCZgBVzDQCAezbHbrHPwtg =74KM -----END PGP SIGNATURE----- . The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.

References:

  • CVE-2014-8176 - Remote Denial of Service (DoS)
  • CVE-2015-1788 - Remote Denial of Service (DoS)
  • CVE-2015-1789 - Remote Denial of Service (DoS)
  • CVE-2015-1790 - Remote Denial of Service (DoS)
  • CVE-2015-1791 - Remote Denial of Service (DoS)
  • CVE-2015-1792 - Remote Denial of Service (DoS)
  • CVE-2015-1793 - Remote Unauthorized Access
  • PSRT110158, SSRT102264

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Please refer to the RESOLUTION below for a list of impacted products.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P01
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P01
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1809P11
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P17
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1516
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P14
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2-48 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG315A HP 3100-48 v2 Switch
    • JG315B HP 3100-48 v2 Switch
  • HP870 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P46
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P46
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P46
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: R3181P07
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: R3811P05
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: R3820P06
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC165A) HP 6600 RPE-X1 Router Module
    • JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC176A) HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1111
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1109
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1516
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1108
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7376
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7170
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1138P01
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0321P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2138P01
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 5700 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7170
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

  • iMC Plat - Version: iMC Plat 7.1 E0303P16
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
    • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
    • JG659AAE HP IMC Smart Connect VAE E-LTU
    • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
    • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • iMC NSM - Version: iMC WSM 7.1 E0303P10
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.18
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1p"

References

[ 1 ] CVE-2015-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201507-15

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . The vulnerability could be exploited to allow remote authentication bypass.

Note: HP C.A. contains a version of Node.js, that when used in FIPS mode is affected by Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). The patch is available from HP Software Support Online portal (HP SSO).

Note: This patch includes Node.js for FIPS mode that includes the newer version of OpenSSL (1.0.2d) which addresses the vulnerability. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:12.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL alternate chains certificate forgery vulnerability

Category: contrib Module: openssl Announced: 2015-07-09 Credits: Adam Langley/David Benjamin (Google/BoringSSL), OpenSSL Affects: FreeBSD 10.1-STABLE after 2015-06-11 and prior to the correction date. Corrected: 2015-07-09 17:17:22 UTC (stable/10, 10.2-PRERELEASE, 10.2-BETA1) CVE Name: CVE-2015-1793

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II.

An error in the implementation of this logic could erroneously mark certificate as trusted when they should not.

III.

IV. Workaround

No workaround is available.

NOTE WELL: This issue does not affect earlier FreeBSD releases, including the supported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain feature was not introduced in these releases. Only 10.1-STABLE after 2015-06-11 and prior to the correction date is affected.

V. Solution

Upgrade your vulnerable system to the latest supported FreeBSD stable/10 branch dated after the correction date.

Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/10/ r285330

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150709.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0348",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.2.0"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.1.2.2"
      },
      {
        "model": "opus 10g ethernet switch family",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 2.3.20"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 3.0.22"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "base platform 11.1.0.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "base platform 11.2.0.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "base platform 12.1.0.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "base platform 12.1.0.5"
      },
      {
        "model": "enterprise manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "grid control of  oss support tools 8.8.15.7.15"
      },
      {
        "model": "enterprise manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.3.0"
      },
      {
        "model": "ethernet switch",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "es2-64 2.0.0.6"
      },
      {
        "model": "ethernet switch",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "es2-72 2.0.0.6"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.7.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.9.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.4.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.5.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.6.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle tuxedo 12.1.1.0"
      },
      {
        "model": "jd edwards products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  jd edwards world security a9.4"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle agile engineering data management 6.1.2.2"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle agile engineering data management 6.1.3.0"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle agile engineering data management 6.2.0.0"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "switch",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "es1-24 1.3.1.13"
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2.2.13"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2.2.15"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "opus 10g ethernet switch family",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.2.2"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.14"
      },
      {
        "model": "rational automation framework ifix5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "digital media players 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "telepresence conductor xc4.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.16"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "ethernet switch es2-64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.15"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "ethernet switch es2-72",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ethernet switch es2-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "digital media players 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "jd edwards world security a9.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60000"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ethernet switch es2-72",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "prime network services controller 3.4.1c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.13"
      },
      {
        "model": "10.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.8"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "rational tau interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "esight network v300r003c10spc201",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "socialminer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "aspera faspex application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.2"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "model d9485 davic qpsk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus series fex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "rational tau interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "puredata system for analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "industrial router 1.2.1rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7.0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "esight network v300r003c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "aspera enterprise server client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "aspera ondemand",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.4"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2.2.13"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "switch es1-24",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3.1.3"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.9"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "model d9485 davic qpsk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2.19"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.6.0"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.2.15"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Langley of Google and David Benjamin of BoringSSL.",
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1793",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1793",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-79754",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-81961",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-1793",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1793",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-298",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79754",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81961",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1793",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity \u2212 High (Severity: High) \uff65 Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04760669\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04760669\nVersion: 1\n\nHPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \nCVE-2015-1788: Malformed ECParameters causes infinite loop. \nCVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. \nCVE-2015-1790: PKCS7 crash with missing EnvelopedContent\nCVE-2015-1791: Race condition handling NewSessionTicket\nCVE-2015-1792: CMS verify infinite loop with unknown hash function\nCVE-2015-1793: Alternative Chain Certificate Forgery. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2\nL90AnAgGXxSCZgBVzDQCAezbHbrHPwtg\n=74KM\n-----END PGP SIGNATURE-----\n. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nReferences:\n\n  - CVE-2014-8176 - Remote Denial of Service (DoS)\n  - CVE-2015-1788 - Remote Denial of Service (DoS)\n  - CVE-2015-1789 - Remote Denial of Service (DoS)\n  - CVE-2015-1790 - Remote Denial of Service (DoS)\n  - CVE-2015-1791 - Remote Denial of Service (DoS)\n  - CVE-2015-1792 - Remote Denial of Service (DoS)\n  - CVE-2015-1793 - Remote Unauthorized Access\n  - PSRT110158, SSRT102264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1p\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1793\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The vulnerability could be exploited to allow remote\nauthentication bypass. \n\nNote: HP C.A. contains a version of Node.js, that when used in FIPS mode is\naffected by Alternative Chains Certificate Forgery Vulnerability\n(CVE-2015-1793). The patch\nis available from HP Software Support Online portal (HP SSO). \n\nNote: This patch includes Node.js for FIPS mode that includes the newer\nversion of OpenSSL (1.0.2d) which addresses the vulnerability. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:12.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL alternate chains certificate forgery vulnerability\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-07-09\nCredits:        Adam Langley/David Benjamin (Google/BoringSSL), OpenSSL\nAffects:        FreeBSD 10.1-STABLE after 2015-06-11 and prior to the\n                correction date. \nCorrected:      2015-07-09 17:17:22 UTC (stable/10, 10.2-PRERELEASE,\n                                         10.2-BETA1)\nCVE Name:       CVE-2015-1793\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. \n\nAn error in the implementation of this logic could erroneously mark\ncertificate as trusted when they should not. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available. \n\nNOTE WELL: This issue does not affect earlier FreeBSD releases, including the\nsupported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain\nfeature was not introduced in these releases.  Only 10.1-STABLE after\n2015-06-11 and prior to the correction date is affected. \n\nV.   Solution\n\nUpgrade your vulnerable system to the latest supported FreeBSD stable/10\nbranch dated after the correction date. \n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r285330\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nThis issue will impact any application that verifies certificates including\nSSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. \n\nOpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d\nOpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p\n\nThis issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David\nBenjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150709.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132642"
      },
      {
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "db": "PACKETSTORM",
        "id": "132646"
      },
      {
        "db": "PACKETSTORM",
        "id": "132625"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-79754",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-81961",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38640",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1793",
        "trust": 3.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "75652",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38640",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1032817",
        "trust": 1.2
      },
      {
        "db": "MCAFEE",
        "id": "SB10125",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99160787",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132625",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "133793",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "132642",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "132646",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "132843",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134250",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132634",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-79754",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032864",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033341",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032777",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032727",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032871",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032475",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032783",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032653",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032702",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033222",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032865",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033065",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033208",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033019",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033991",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032759",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1040630",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032910",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033067",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032637",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033064",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032654",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032656",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1034087",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032932",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033385",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032652",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032688",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032699",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032649",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032960",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032647",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032474",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033210",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032778",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033416",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033891",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032884",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032651",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033760",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033433",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032476",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032784",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1036218",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032856",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033430",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1034884",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032655",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032650",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032648",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033513",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1033209",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1032645",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1034728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132413",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132649",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132586",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132164",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132610",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135506",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136247",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137744",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132439",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135510",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132465",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133338",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132468",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134232",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134902",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136975",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134755",
        "trust": 0.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10681",
        "trust": 0.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10727",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-428",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "74733",
        "trust": 0.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 0.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/05/20/8",
        "trust": 0.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132642"
      },
      {
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "db": "PACKETSTORM",
        "id": "132646"
      },
      {
        "db": "PACKETSTORM",
        "id": "132625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "id": "VAR-201507-0348",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      }
    ],
    "trust": 0.74851742
  },
  "last_update_date": "2024-07-23T19:37:42.535000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150710-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
      },
      {
        "title": "Fix alternate chains certificate forgery issue",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
      },
      {
        "title": "Add test for CVE-2015-1793",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/f404943bcab4898d18f3ac1b36479d1d7bbbb9e6"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBGN03424",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL Security Advisory [9 Jul 2015]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150709.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "cisco-sa-20150710-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/113/1130/1130208_cisco-sa-20150710-openssl-j.html"
      },
      {
        "title": "openssl-1.0.2d",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56655"
      },
      {
        "title": "openssl-1.0.1p",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56654"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-564",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-564"
      },
      {
        "title": "Red Hat: CVE-2015-1793",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1793"
      },
      {
        "title": "Symantec Security Advisories: SA101 : OpenSSL Security Advisory 09-July-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=bb24cf23a4d911e95562099e0e8d0f2d"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720150709\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-08"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-4000 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1788 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://openssl.org/news/secadv_20150709.txt"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.5,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/75652"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.3,
        "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.3,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.3,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/38640/"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201507-15"
      },
      {
        "trust": 1.3,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.2,
        "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.2,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm"
      },
      {
        "trust": 1.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04822825"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161747.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161782.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:12.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032817"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10125"
      },
      {
        "trust": 1.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1793"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99160787/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1793"
      },
      {
        "trust": 0.8,
        "url": "https://cryptanalysis.eu/blog/2015/07/09/bypassing-certificate-checks-in-openssl-1-0-2c-cve-2015-1793/"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.4,
        "url": "https://www.openssl.org/news/secadv_20150709.txt"
      },
      {
        "trust": 0.3,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807"
      },
      {
        "trust": 0.2,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10694"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10125"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144370846326989\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.561427"
      },
      {
        "trust": 0.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/74733"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10681"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10727"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht204941"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx201114"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
      },
      {
        "trust": 0.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
      },
      {
        "trust": 0.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
      },
      {
        "trust": 0.1,
        "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
      },
      {
        "trust": 0.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
      },
      {
        "trust": 0.1,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10122"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 0.1,
        "url": "https://puppet.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
      },
      {
        "trust": 0.1,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03831en_us"
      },
      {
        "trust": 0.1,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
      },
      {
        "trust": 0.1,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.suse.com/security/cve/cve-2015-4000.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2015/dsa-3300"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2015/dsa-3316"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2015/dsa-3324"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2015/dsa-3339"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/2016/dsa-3688"
      },
      {
        "trust": 0.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/201512-10"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/201603-11"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/201701-46"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143557934009303\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143628304012255\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558092609708\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143655800220052\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144060576831314\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144069189622016\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050121701297\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144060606031437\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144102017024820\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144061542602287\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145409266329539\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144043644216842\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143506486712441\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144104533800819\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143637549705650\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144493176821532\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
      },
      {
        "trust": 0.1,
        "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
      },
      {
        "trust": 0.1,
        "url": "https://weakdh.org/"
      },
      {
        "trust": 0.1,
        "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 0.1,
        "url": "http://openwall.com/lists/oss-security/2015/05/20/8"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032474"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032475"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032476"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032637"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032645"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032647"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032648"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032649"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032650"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032651"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032652"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032653"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032654"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032655"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032656"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032688"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032699"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032702"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032727"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032759"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032777"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032778"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032783"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032784"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032856"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032864"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032865"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032871"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032884"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032910"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032932"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1032960"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033019"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033064"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033065"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033067"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033208"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033209"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033210"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033222"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033341"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033385"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033416"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033430"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033433"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033513"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033760"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033891"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1033991"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1034087"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1034728"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1034884"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1036218"
      },
      {
        "trust": 0.1,
        "url": "http://www.securitytracker.com/id/1040630"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2656-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2656-2"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2673-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2696-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2706-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/254.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://software"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150709.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:12.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1793\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132642"
      },
      {
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "db": "PACKETSTORM",
        "id": "132646"
      },
      {
        "db": "PACKETSTORM",
        "id": "132625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132642"
      },
      {
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "db": "PACKETSTORM",
        "id": "132646"
      },
      {
        "db": "PACKETSTORM",
        "id": "132625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "date": "2015-05-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "date": "2015-07-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "date": "2015-07-09T00:00:00",
        "db": "BID",
        "id": "75652"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-07-10T15:43:49",
        "db": "PACKETSTORM",
        "id": "132642"
      },
      {
        "date": "2015-10-01T15:52:56",
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "date": "2015-07-10T15:53:18",
        "db": "PACKETSTORM",
        "id": "132646"
      },
      {
        "date": "2015-07-09T23:03:33",
        "db": "PACKETSTORM",
        "id": "132625"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "date": "2015-07-09T19:17:00.093000",
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79754"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81961"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1793"
      },
      {
        "date": "2016-10-26T05:10:00",
        "db": "BID",
        "id": "75652"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      },
      {
        "date": "2023-11-07T02:24:55.670000",
        "db": "NVD",
        "id": "CVE-2015-1793"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-298"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerabilities in certificate chain validation failure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003487"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      }
    ],
    "trust": 0.3
  }
}

var-202004-2205
Vulnerability from variot

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). OpenSSL for, NULL Pointer reference vulnerability (CWE-476) exists. OpenSSL Project Than, OpenSSL Security Advisory [21 April 2020] Has been published. Severity - high (Severity: HIGH)SSL_check_chain Segmentation violation in function - CVE-2020-1967TLS 1.3 of signature_algorithms_cert When processing extensions NULL Because pointer reference occurs, communication after handshake SSL_check_chain() The server or client application may crash when the function is executed.Denial of service by receiving a specially crafted message by a remote third party (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A remote attacker could exploit this vulnerability to crash the server or client application. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202004-10

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: April 23, 2020 Bugs: #702176, #717442 ID: 202004-10

Synopsis

Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.1.1g >= 1.1.1g

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could perform a malicious crafted TLS 1.3 handshake against an application using OpenSSL, possibly resulting in a Denial of Service condition.

In addition, it's feasible that an attacker might attack DH512.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g"

References

[ 1 ] CVE-2019-1551 https://nvd.nist.gov/vuln/detail/CVE-2019-1551 [ 2 ] CVE-2020-1967 https://nvd.nist.gov/vuln/detail/CVE-2020-1967

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202004-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

.

The oldstable distribution (stretch) is not affected.

For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6e+koACgkQEMKTtsN8 TjZYpA//YvGfr9NTErugtCJQ7KwRJGrXeKsYehR/EJXj1wR77f6k4HRc5J9AiLbV HaS+EKOPWS+buQ6MTS4hslwxhNzAlnharrzhSh2RrUZTfYB66+GhiPiilf09iXsG 2xTTqQW2stoOhzo8Qw6cN3SL7avw61moJwcIlFYxZ4wMuAZbLVSUw2Dlnk0LN3UP 4LD5k5sEYzlt57rygNJsFkquwpr5eth3FvCm5WYGorvcEJzhgdTgnerpSD1DYd84 eZczcYXCnnjXKeeJT3TPIgDiNt3eSP5ixQni1+lpR3bGfZHmlr7MwhhttQMvL+o7 lFP+M19/osxkYs9jt69naDxQIo0tHomrVCtBhTPdC6EIUPGMv4sIjLSIcJKWMhfC tax66NcCWrgRn62v60IgY26nWg52ZLezcOZyqUrMfeEzzCT3lQ5vXd7/+23YU689 PKTpXw4eyOEg3wp7kjyS9Xd2xGjwzGzq5jjK4cVwTPCZMhnlQTef7WLoWLwSqHIi pUTDnZZsBZJJ5l8Xp5j2tAwFhUseih1zd0Iz32Jog2YdUFZ4gd280/whDs8Iu9SR ZeD0mpKw0vsBvG6/yDypbOmRCvrhjSgtixx5Z/yiswSP0WGZg2Y+GAl9LVByBY7K JzfXM799tz16MrKVinXPsIAfZTrr6nbrxYuyDwQ4X7iFdJZ6T3g= =RykD -----END PGP SIGNATURE----- . It was found using the new static analysis pass being implemented in GCC, -fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin Kaduk. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

This issue did not affect OpenSSL 1.1.0 however these versions are out of support and no longer receiving updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20200421.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2205",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.5"
      },
      {
        "model": "log correlation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "6.0.9"
      },
      {
        "model": "enterpriseone",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "jdedwards",
        "version": "9.2.5.0"
      },
      {
        "model": "e-series performance analyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "mysql connectors",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.20"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.1"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.30"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.20"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "mysql workbench",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.21"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1f"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.48"
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.12"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.20"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1d"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000 \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.1f",
                "versionStartIncluding": "1.1.1d",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.30",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.20",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.48",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.20",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionStartIncluding": "7.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "versionStartIncluding": "9.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Imre Rad",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-1967",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-173071",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-1967",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-1967",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-1967",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1790",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-173071",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-1967",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). OpenSSL for, NULL Pointer reference vulnerability (CWE-476) exists. OpenSSL Project Than, OpenSSL Security Advisory [21 April 2020] Has been published. Severity - high (Severity: HIGH)SSL_check_chain Segmentation violation in function - CVE-2020-1967TLS 1.3 of signature_algorithms_cert When processing extensions NULL Because pointer reference occurs, communication after handshake SSL_check_chain() The server or client application may crash when the function is executed.Denial of service by receiving a specially crafted message by a remote third party (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A remote attacker could exploit this vulnerability to crash the server or client application. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202004-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: April 23, 2020\n     Bugs: #702176, #717442\n       ID: 202004-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, the worst of which\ncould allow remote attackers to cause a Denial of Service condition. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as\nwell as a general purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.1.1g                  \u003e= 1.1.1g\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could perform a malicious crafted TLS 1.3 handshake\nagainst an application using OpenSSL, possibly resulting in a Denial of\nService condition. \n\nIn addition, it\u0027s feasible that an attacker might attack DH512. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.1.1g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-1551\n      https://nvd.nist.gov/vuln/detail/CVE-2019-1551\n[ 2 ] CVE-2020-1967\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1967\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202004-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nThe oldstable distribution (stretch) is not affected. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u3. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6e+koACgkQEMKTtsN8\nTjZYpA//YvGfr9NTErugtCJQ7KwRJGrXeKsYehR/EJXj1wR77f6k4HRc5J9AiLbV\nHaS+EKOPWS+buQ6MTS4hslwxhNzAlnharrzhSh2RrUZTfYB66+GhiPiilf09iXsG\n2xTTqQW2stoOhzo8Qw6cN3SL7avw61moJwcIlFYxZ4wMuAZbLVSUw2Dlnk0LN3UP\n4LD5k5sEYzlt57rygNJsFkquwpr5eth3FvCm5WYGorvcEJzhgdTgnerpSD1DYd84\neZczcYXCnnjXKeeJT3TPIgDiNt3eSP5ixQni1+lpR3bGfZHmlr7MwhhttQMvL+o7\nlFP+M19/osxkYs9jt69naDxQIo0tHomrVCtBhTPdC6EIUPGMv4sIjLSIcJKWMhfC\ntax66NcCWrgRn62v60IgY26nWg52ZLezcOZyqUrMfeEzzCT3lQ5vXd7/+23YU689\nPKTpXw4eyOEg3wp7kjyS9Xd2xGjwzGzq5jjK4cVwTPCZMhnlQTef7WLoWLwSqHIi\npUTDnZZsBZJJ5l8Xp5j2tAwFhUseih1zd0Iz32Jog2YdUFZ4gd280/whDs8Iu9SR\nZeD0mpKw0vsBvG6/yDypbOmRCvrhjSgtixx5Z/yiswSP0WGZg2Y+GAl9LVByBY7K\nJzfXM799tz16MrKVinXPsIAfZTrr6nbrxYuyDwQ4X7iFdJZ6T3g=\n=RykD\n-----END PGP SIGNATURE-----\n. It was found using the new static analysis pass being implemented in GCC,\n-fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin\nKaduk. Extended support is available\nfor premium support customers: https://www.openssl.org/support/contracts.html\n\nThis issue did not affect OpenSSL 1.1.0 however these versions are out of\nsupport and no longer receiving updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20200421.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169658"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1967",
        "trust": 3.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA44440",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157527",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/04/22/2",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2020-04",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2020-11",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-10",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2020-03",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-02",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97087254",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157365",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157324",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1392",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2551",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1381",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1564",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1916",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3729",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47020",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-173071",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169658",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "id": "VAR-202004-2205",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      }
    ],
    "trust": 0.725
  },
  "last_update_date": "2024-02-20T20:51:42.423000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NV22-002 Hitachi Server / Client Product Security Information",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1"
      },
      {
        "title": "OpenSSL Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116271"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2020/04/23/gcc_openssl_vulnerability/"
      },
      {
        "title": "Debian Security Advisories: DSA-4661-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4173cc0125cd07aebab9bc8365a85a63"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202004-18] openssl: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202004-18"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-1967 log"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-04"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-11"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-03"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-13"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-12"
      },
      {
        "title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-10"
      },
      {
        "title": "CVE-2020-1967",
        "trust": 0.1,
        "url": "https://github.com/irsl/cve-2020-1967 "
      },
      {
        "title": "sheldon-cross",
        "trust": 0.1,
        "url": "https://github.com/rossmacarthur/sheldon-cross "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/snigdhasambitak/cks "
      },
      {
        "title": "misc",
        "trust": 0.1,
        "url": "https://github.com/dragon7-fc/misc "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/omnibor/bomsh "
      },
      {
        "title": "tekton-image-scan-trivy",
        "trust": 0.1,
        "url": "https://github.com/vinamra28/tekton-image-scan-trivy "
      },
      {
        "title": "TASSL-1.1.1k",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1k "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/scholarnishu/trivy-by-aquasecurity "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/fredrkl/trivy-demo "
      },
      {
        "title": "github_aquasecurity_trivy",
        "trust": 0.1,
        "url": "https://github.com/back8/github_aquasecurity_trivy "
      },
      {
        "title": "security",
        "trust": 0.1,
        "url": "https://github.com/umahari/security "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mohzeela/external-secret "
      },
      {
        "title": "Vulnerability-Scanner-for-Containers",
        "trust": 0.1,
        "url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/aquasecurity/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/knqyf263/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/siddharthraopotukuchi/trivy "
      },
      {
        "title": "snykout",
        "trust": 0.1,
        "url": "https://github.com/garethr/snykout "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "PoC",
        "trust": 0.1,
        "url": "https://github.com/jonathan-elias/poc "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000s/poc-in-github "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/poc-in-github "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [JPCERT/CC evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/157527/openssl-signature_algorithms_cert-denial-of-service.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv/20200421.txt"
      },
      {
        "trust": 1.9,
        "url": "https://www.debian.org/security/2020/dsa-4661"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202004-10"
      },
      {
        "trust": 1.9,
        "url": "https://github.com/irsl/cve-2020-1967"
      },
      {
        "trust": 1.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44440"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
      },
      {
        "trust": 1.8,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_05"
      },
      {
        "trust": 1.8,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_05_openssl"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2020-03"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2020-04"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2020-11"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2021-10"
      },
      {
        "trust": 1.8,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-20:11.openssl.asc"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2020/may/5"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1967"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xvep3lak4jsprxfo4qf4gg2ivxadv3so/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddhoaatpwjcxrnfmj2sasdbbnu5rjony/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/exddaowsaiefqnbhwye6ppyfv4qxgmcd/"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=eb563247aef3e83dda7679c43f9649270462e5b1"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97087254/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200018.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/exddaowsaiefqnbhwye6ppyfv4qxgmcd/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddhoaatpwjcxrnfmj2sasdbbnu5rjony/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xvep3lak4jsprxfo4qf4gg2ivxadv3so/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3729/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-1967"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-spectrum-control-cve-2020-1967-cve-2019-1551/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157365/gentoo-linux-security-advisory-202004-10.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1967/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnerability-affects-messagegatweay-cve-2020-1967/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-ssl-check-chain-32076"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1392/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1564/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-01-openssl-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2551/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2020-1967/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1381/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47020"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157324/openssl-toolkit-1.1.1g.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/support/contracts.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "db": "PACKETSTORM",
        "id": "168793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "date": "2020-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "date": "2020-04-23T19:28:42",
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "date": "2020-04-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168793"
      },
      {
        "date": "2020-04-21T12:12:12",
        "db": "PACKETSTORM",
        "id": "169658"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "date": "2020-04-21T14:15:11.287000",
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-173071"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1967"
      },
      {
        "date": "2024-02-19T05:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      },
      {
        "date": "2021-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      },
      {
        "date": "2023-11-07T03:19:39.090000",
        "db": "NVD",
        "id": "CVE-2020-1967"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer reference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003713"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1790"
      }
    ],
    "trust": 0.6
  }
}

var-200311-0089
Vulnerability from variot

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. OpenSSL 0.9.6j/0.9.7b Before ASN.1 An integer overflow vulnerability exists due to insufficient bounds checking on the value of the object's tag field. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Third party crafted ASN.1 The client certificate containing the object SSL/TSL Etc. OpenSSL By passing it through an application implemented using OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

Vulnerabilities

  1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

  3. Exploitation of an affected application would result in a denial of service vulnerability.

  4. This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200311-0089",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security ab",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cray",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "novell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stunnel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tawie server linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "1.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "cobalt qube3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 platform edition update 2"
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 standard edition update 2"
      },
      {
        "model": "java system directory server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4.1 sp13"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.0 sp6"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.1"
      },
      {
        "model": "linux 5.0",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "turbolinux advanced server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.1"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.0"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "esx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.05257"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.11"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.10"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.01"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1x86"
      },
      {
        "model": "one directory server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.1"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat high availability",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.1"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.8.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.6.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.8"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.7"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ipsec express toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.4"
      },
      {
        "model": "gpl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "1.0"
      },
      {
        "model": "express beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "2.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.2.1"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.5"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.1"
      },
      {
        "model": "nsure audit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.1"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "5.1"
      },
      {
        "model": "netmail e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.1"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0.2"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "ichain server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "groupwise webaccess sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "groupwise internet agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5.1"
      },
      {
        "model": "groupwise sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "8.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "rational rose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2000"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.28"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.26"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.19"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.2"
      },
      {
        "model": "hp-ux aaa server a.06.01.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "wbem services for hp-ux a.01.05.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "isman",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "firepass",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.3"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.1"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.3"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.0.1"
      },
      {
        "model": "open software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cray",
        "version": "3.4"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sn storage router sn5428-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2.5.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure policy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "520"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "515"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "ciscoworks hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software next generation fp3 hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "3.0"
      },
      {
        "model": "firewall server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "borderware",
        "version": "7.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "solaris 8 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one web server sp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp14",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 upgrade standard",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 upgrade platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.2"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.9"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4.1"
      },
      {
        "model": "os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.5"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.3"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.2"
      },
      {
        "model": "netmail f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "imanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.5"
      },
      {
        "model": "edirectory su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "hp-ux aaa server a.06.01.02.04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem services for hp-ux a.01.05.07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0543",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0543",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.8,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0543",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#104280",
            "trust": 0.8,
            "value": "11.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#732952",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#686224",
            "trust": 0.8,
            "value": "1.50"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#935264",
            "trust": 0.8,
            "value": "21.52"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#380864",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#255484",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200311-070",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations.  The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages.  This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. OpenSSL 0.9.6j/0.9.7b Before ASN.1 An integer overflow vulnerability exists due to insufficient bounds checking on the value of the object\u0027s tag field. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Third party crafted ASN.1 The client certificate containing the object SSL/TSL Etc. OpenSSL By passing it through an application implemented using OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      }
    ],
    "trust": 6.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#255484",
        "trust": 3.5
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "8732",
        "trust": 2.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3900",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "22249",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "13316",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "CA-2003-26",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:291",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:292",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "201029",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:4254",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5292",
        "trust": 0.6
      },
      {
        "db": "ENGARDE",
        "id": "ESA-20030930-027",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-394",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-393",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "31738",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "id": "VAR-200311-0089",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-29T19:17:04.347000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "HPSBUX00288",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
      },
      {
        "title": "HPSBUX00290",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00901847"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
      },
      {
        "title": "HPSBUX0310-290",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
      },
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "secadv_20030930",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-292.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-291.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-1"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-1"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-3"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-3"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-3"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-3"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-55.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/031210_62/top.html"
      },
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-291j.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-293j.html"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-55j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.1,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
      },
      {
        "trust": 4.8,
        "url": "http://www.ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 4.0,
        "url": "http://wp.netscape.com/eng/ssl3/"
      },
      {
        "trust": 4.0,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 3.9,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "trust": 3.2,
        "url": "http://www.ietf.org/html.charters/pkix-charter.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/255484"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/8732"
      },
      {
        "trust": 1.9,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-291.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-394"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-393"
      },
      {
        "trust": 1.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
      },
      {
        "trust": 1.6,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22249"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/686224"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/732952"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3900"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5292"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4254"
      },
      {
        "trust": 0.9,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/pkcs/"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0543"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/advisories/default.aspx?id=br-20031104-00633.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/13316"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0543"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00748.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/104280"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5292"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3900"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4254"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/swupdates/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/esx/esx2-openssh.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/products/firewall.php"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/gsx_security.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
      },
      {
        "trust": 0.3,
        "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
      },
      {
        "trust": 0.3,
        "url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3040.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-331.php"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/security-alerts/"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3041.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/476/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/477/"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/patches/linux/security.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-08.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/380864"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/935264"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/343055"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "date": "2003-09-30T16:10:22",
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "date": "2003-11-17T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2016-07-06T14:32:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000286"
      },
      {
        "date": "2010-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      },
      {
        "date": "2018-05-03T01:29:00",
        "db": "NVD",
        "id": "CVE-2003-0543"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in SSL/TLS implementations",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-070"
      }
    ],
    "trust": 0.9
  }
}

var-202302-0482
Vulnerability from variot

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304) A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. Under certain conditions. (CVE-2023-0286). Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

  1. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide several bug fixes. Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables 2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv 2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity 2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs 2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

  1. Summary:

Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Description:

Multicluster Engine for Kubernetes 2.1.6 images

Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Jira issue addressed:

ACM-3513: MCE 2.1.6 images

Security fix(es):

  • CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

  • Solution:

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce

  1. Bugs fixed (https://bugzilla.redhat.com/):

2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

  1. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update Advisory ID: RHSA-2023:3354-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2023:3354 Issue date: 2023-06-05 CVE Names: CVE-2006-20001 CVE-2022-4304 CVE-2022-4450 CVE-2022-25147 CVE-2022-43551 CVE-2022-43552 CVE-2023-0215 CVE-2023-0286 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-25690 =====================================================================

  1. Summary:

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
  • curl: HSTS bypass via IDN (CVE-2022-43551)
  • curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
  • curl: HSTS ignored on multiple requests (CVE-2023-23914)
  • curl: HSTS amnesia with --parallel (CVE-2023-23915)
  • curl: HTTP multi-header compression denial of service (CVE-2023-23916)
  • httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
  • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
  • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
  • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
  • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2152639 - CVE-2022-43551 curl: HSTS bypass via IDN 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests 2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

  1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  2. References:

https://access.redhat.com/security/cve/CVE-2006-20001 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-25147 https://access.redhat.com/security/cve/CVE-2022-43551 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-23914 https://access.redhat.com/security/cve/CVE-2023-23915 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/cve/CVE-2023-25690 https://access.redhat.com/security/updates/classification/#important

  1. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBZH4jO9zjgjWX9erEAQhdzQ//WjNcrrZ2U8gZyEoQSCNUuGWPbKkm9H5e bdaRIBdB+st5qK0c114J+jSozhjpTsY3FvKVQaIvO5HVpQLXgJZEAjWjTCJPF0R6 zEafAjK8UennjPkXzH7kYfXrGMIyDh+aMj0QN+SQM2IyD34W0Zk3uwjRnO1RlwCN PuPv9RxSTa8SbFAoYkmvI9N1e73Qiwv/50m9dN6DSo1jpLIhiiG15GIB0baoOS05 5Vh8haPq9jmbsHjdyEdDNifgruwm/OipaS6QrcB21T2f0Tsy3Kvn7oUbXC5NxKWZ 1H5RWEnVhFA+pfeY5ZChVYuktqFuhhhsnCcdLzMrzNsDquZXcKP/sRG4Lg6EjrOr sv7ywIgIEAYrHSuXj+b4Bkx1NRKZtMknsfi9Mw3vCARAqvIapBNIthC4dqg0gIiS HoXtsZDoz7GGcguOpcrMuzPOaiJiS8u9M8068JT6k20DSAM/jmL/mkzhaw2GG+KV MRLIaJViehUCrxJ4eht+djH4Mv8aEORWJx81yG91IKsH7nMcBkvqYsHf1qBxm78T L8L1va2P9tS1tA4Dbfp8aKr/Jr/ocMOJhapGCMNnAwsAUErgaGYOSVbYo4Bp2hrG FCsgWJWCB6NQwvRv/CZXar5AMvmVlrOVqYEHjMVQBfVS3Bu12a12EGKtnO3fJAYa 2SvVnChgmv4= =TkYq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [7th February 2023] =============================================

X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

Severity: High

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

OpenSSL versions 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

This issue was reported on 11th January 2023 by David Benjamin (Google). The fix was developed by Hugo Landau.

OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

An initial report of a possible timing side channel was made on 14th July 2020 by Hubert Kario (Red Hat). A refined report identifying a specific timing side channel was made on 15th July 2022 by Hubert Kario. The fix was developed by Dmitry Belyavsky (Red Hat) and Hubert Kario.

X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)

Severity: Moderate

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory.

OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported to OpenSSL on 3rd November 2022 by Corey Bonnell from Digicert. The fix was developed by Viktor Dukhovni.

Use-after-free following BIO_new_NDEF (CVE-2023-0215)

Severity: Moderate

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

This issue was reported on 29th November 2022 by Octavio Galland and Marcel Böhme (Max Planck Institute for Security and Privacy). The fix was developed by Viktor Dukhovni and Matt Caswell.

Double free after calling PEM_read_bio_ex (CVE-2022-4450)

Severity: Moderate

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.

OpenSSL 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.

OpenSSL 1.0.2 is not affected by this issue.

This issue was discovered by CarpetFuzz and reported on 8th December 2022 by Dawei Wang. The fix was developed by Kurt Roeckx and Matt Caswell.

Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)

Severity: Moderate

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported on 27th December 2022 by Marc Schönefeld. The fix was developed by Tomas Mraz.

NULL dereference validating DSA public key (CVE-2023-0217)

Severity: Moderate

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported on 27th December 2022 by Kurt Roeckx. The fix was developed by Shane Lontis from Oracle.

NULL dereference during PKCS7 data verification (CVE-2023-0401)

Severity: Moderate

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash.

The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider.

PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

This issue was reported on 13th January 2023 by Hubert Kario and Dmitry Belyavsky (Red Hat). The fix was developed by Tomas Mraz.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20230207.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/general/security-policy.html .

This advisory contains OpenShift Virtualization 4.12.6 images. Bugs fixed (https://bugzilla.redhat.com/):

2139896 - Requested TSC frequency outside tolerance range & TSC scaling not supported 2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect 2148383 - Migration metrics values are not sum up values from all VMIs 2149409 - HPP mounter deployment can't mount as unprivileged 2168489 - Overview -> Migrations - The ?Bandwidth consumption? Graph display with wrong values 2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider 2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work

  1. ========================================================================== Ubuntu Security Notice USN-6564-1 January 03, 2024

nodejs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304)

CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215)

David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286)

Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.3 libnode72 12.22.9~dfsg-1ubuntu3.3 nodejs 12.22.9~dfsg-1ubuntu3.3

In general, a standard system update will make all the necessary changes

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus primary server base",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zg"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.4.0"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.6.3"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.8.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.3.16"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.8.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1t"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.8"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "sslvpn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.2.1"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.11"
      },
      {
        "model": "endpoint security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "7.2.40"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.0.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.11.22"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.7.34"
      },
      {
        "model": "hitachi compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - smart device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/navigation platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/navigation platform for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ix \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u5f97\u9078\u8857\u30fbgcb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/data highway - server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management - agent option for service response",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "esmpro/serveragent",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "neoface monitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "vran",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "spoolserver/reportfiling",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx sip application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "iot \u5171\u901a\u57fa\u76e4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/data highway - server starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "nec enhanced speech analysis",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - definitions assistant",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/file transmission server/ftp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.8",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1t",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2zg",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.3",
                "versionStartIncluding": "4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.16",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.11.22",
                "versionStartIncluding": "3.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.7.34",
                "versionStartIncluding": "2.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.11",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:sslvpn:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-4304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-4304",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-4304",
            "trust": 1.8,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE. \n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection. (CVE-2022-4304)\nA use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. Under certain conditions. (CVE-2023-0286). Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. \n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to\nthese updated images, which provide several bug fixes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2171965 - [4.11 clone] Secrets are used in env variables\n2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv\n2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity\n2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs\n2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on \"openssl\"\n\n5. Summary:\n\nMulticluster Engine for Kubernetes 2.1.6 General Availability release\nimages,\nwhich fix bugs and security updates container images. Description:\n\nMulticluster Engine for Kubernetes 2.1.6 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nJira issue addressed:\n\nACM-3513: MCE 2.1.6 images\n\nSecurity fix(es):\n\n* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service\n(ReDoS) vulnerability\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability\n\n5. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update\nAdvisory ID:       RHSA-2023:3354-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:3354\nIssue date:        2023-06-05\nCVE Names:         CVE-2006-20001 CVE-2022-4304 CVE-2022-4450 \n                   CVE-2022-25147 CVE-2022-43551 CVE-2022-43552 \n                   CVE-2023-0215 CVE-2023-0286 CVE-2023-23914 \n                   CVE-2023-23915 CVE-2023-23916 CVE-2023-25690 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services Apache HTTP\nServer 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 2 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to\nin the References. \n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy\n(CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2152639 - CVE-2022-43551 curl: HSTS bypass via IDN\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests\n2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64\n2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy\n\n6.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2006-20001\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-25147\nhttps://access.redhat.com/security/cve/CVE-2022-43551\nhttps://access.redhat.com/security/cve/CVE-2022-43552\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-23914\nhttps://access.redhat.com/security/cve/CVE-2023-23915\nhttps://access.redhat.com/security/cve/CVE-2023-23916\nhttps://access.redhat.com/security/cve/CVE-2023-25690\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZH4jO9zjgjWX9erEAQhdzQ//WjNcrrZ2U8gZyEoQSCNUuGWPbKkm9H5e\nbdaRIBdB+st5qK0c114J+jSozhjpTsY3FvKVQaIvO5HVpQLXgJZEAjWjTCJPF0R6\nzEafAjK8UennjPkXzH7kYfXrGMIyDh+aMj0QN+SQM2IyD34W0Zk3uwjRnO1RlwCN\nPuPv9RxSTa8SbFAoYkmvI9N1e73Qiwv/50m9dN6DSo1jpLIhiiG15GIB0baoOS05\n5Vh8haPq9jmbsHjdyEdDNifgruwm/OipaS6QrcB21T2f0Tsy3Kvn7oUbXC5NxKWZ\n1H5RWEnVhFA+pfeY5ZChVYuktqFuhhhsnCcdLzMrzNsDquZXcKP/sRG4Lg6EjrOr\nsv7ywIgIEAYrHSuXj+b4Bkx1NRKZtMknsfi9Mw3vCARAqvIapBNIthC4dqg0gIiS\nHoXtsZDoz7GGcguOpcrMuzPOaiJiS8u9M8068JT6k20DSAM/jmL/mkzhaw2GG+KV\nMRLIaJViehUCrxJ4eht+djH4Mv8aEORWJx81yG91IKsH7nMcBkvqYsHf1qBxm78T\nL8L1va2P9tS1tA4Dbfp8aKr/Jr/ocMOJhapGCMNnAwsAUErgaGYOSVbYo4Bp2hrG\nFCsgWJWCB6NQwvRv/CZXar5AMvmVlrOVqYEHjMVQBfVS3Bu12a12EGKtnO3fJAYa\n2SvVnChgmv4=\n=TkYq\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. OpenSSL Security Advisory [7th February 2023]\n=============================================\n\nX.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n=================================================================\n\nSeverity: High\n\nThere is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING. \n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network. \n\nOpenSSL versions 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nThis issue was reported on 11th January 2023 by David Benjamin (Google). \nThe fix was developed by Hugo Landau. \n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nAn initial report of a possible timing side channel was made on 14th July 2020\nby Hubert Kario (Red Hat). A refined report identifying a specific timing side\nchannel was made on 15th July 2022 by Hubert Kario. \nThe fix was developed by Dmitry Belyavsky (Red Hat) and Hubert Kario. \n\nX.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)\n===========================================================\n\nSeverity: Moderate\n\nA read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer. \n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported to OpenSSL on 3rd November 2022 by Corey Bonnell\nfrom Digicert. The fix was developed by Viktor Dukhovni. \n\nUse-after-free following BIO_new_NDEF (CVE-2023-0215)\n=====================================================\n\nSeverity: Moderate\n\nThe public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications. \n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash. \n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. \n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream. \n\nThe OpenSSL cms and smime command line applications are similarly affected. \n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nThis issue was reported on 29th November 2022 by Octavio Galland and\nMarcel B\u00f6hme (Max Planck Institute for Security and Privacy). The fix was\ndeveloped by Viktor Dukhovni and Matt Caswell. \n\nDouble free after calling PEM_read_bio_ex (CVE-2022-4450)\n=========================================================\n\nSeverity: Moderate\n\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. \nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack. \n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected. \n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0. \n\nThe OpenSSL asn1parse command line application is also impacted by this issue. \n\nOpenSSL 3.0 and 1.1.1 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \n\nOpenSSL 1.0.2 is not affected by this issue. \n\nThis issue was discovered by CarpetFuzz and reported on 8th December 2022 by\nDawei Wang. The fix was developed by Kurt Roeckx and Matt Caswell. \n\nInvalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)\n==================================================================\n\nSeverity: Moderate\n\nAn invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. \n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 27th December 2022 by Marc Sch\u00f6nefeld. \nThe fix was developed by Tomas Mraz. \n\nNULL dereference validating DSA public key (CVE-2023-0217)\n==========================================================\n\nSeverity: Moderate\n\nAn invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack. \n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 27th December 2022 by Kurt Roeckx. \nThe fix was developed by Shane Lontis from Oracle. \n\nNULL dereference during PKCS7 data verification (CVE-2023-0401)\n===============================================================\n\nSeverity: Moderate\n\nA NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash. \n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider. \n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 13th January 2023 by Hubert Kario and\nDmitry Belyavsky (Red Hat). \nThe fix was developed by Tomas Mraz. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20230207.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/general/security-policy.html\n. \n\nThis advisory contains OpenShift Virtualization 4.12.6 images. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139896 - Requested TSC frequency outside tolerance range \u0026 TSC scaling not supported\n2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect\n2148383 - Migration metrics values are not sum up values from all VMIs\n2149409 - HPP mounter deployment can\u0027t mount as unprivileged\n2168489 - Overview -\u003e Migrations - The ?Bandwidth consumption? Graph display with wrong values\n2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider\n2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work\n\n5. ==========================================================================\nUbuntu Security Notice USN-6564-1\nJanuary 03, 2024\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nHubert Kario discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2022-4304)\n\nCarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain\ninputs. If a user or an automated system were tricked into opening a specially\ncrafted input file, a remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-4450)\n\nOctavio Galland and Marcel B\u00f6hme discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0215)\n\nDavid Benjamin discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2023-0286)\n\nHubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0401)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.3\n   libnode72                       12.22.9~dfsg-1ubuntu3.3\n   nodejs                          12.22.9~dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "db": "PACKETSTORM",
        "id": "170922"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304",
        "trust": 3.5
      },
      {
        "db": "JVN",
        "id": "JVNVU90056839",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91676340",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92598492",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97200253",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91213144",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98954443",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-143-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-15",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-222-09",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-255-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-11",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-320-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-04",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173547",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172737",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172734",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170922",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176366",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "db": "PACKETSTORM",
        "id": "170922"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "id": "VAR-202302-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.24287330499999998
  },
  "last_update_date": "2024-06-17T11:16:50.530000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-135 Software product security information",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-4304"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2023-1683",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1683"
      },
      {
        "title": "Debian Security Advisories: DSA-5343-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b6a11b827fe9cfaea9c113b2ad37856f"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1935",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-1935"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1934",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-1934"
      },
      {
        "title": "Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3092389eb9f034e4b8387a75a5ae33f8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-4304 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
      },
      {
        "trust": 1.2,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202402-08"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91213144/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91676340/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90056839/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98954443/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://issues.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0401"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2023-1683.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40186"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40186"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2061"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.7"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43552"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-23914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-20001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3354"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43551"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2006-20001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-43551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4203"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/general/security-policy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-34969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-32681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34969"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-29469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27536"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4982"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6564-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "db": "PACKETSTORM",
        "id": "170922"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "db": "PACKETSTORM",
        "id": "170922"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2023-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2023-07-18T13:35:08",
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "date": "2023-04-26T15:28:12",
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "date": "2023-05-02T15:33:51",
        "db": "PACKETSTORM",
        "id": "172084"
      },
      {
        "date": "2023-06-06T16:32:27",
        "db": "PACKETSTORM",
        "id": "172737"
      },
      {
        "date": "2023-06-06T16:30:34",
        "db": "PACKETSTORM",
        "id": "172734"
      },
      {
        "date": "2023-02-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "170922"
      },
      {
        "date": "2023-09-06T16:39:54",
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "date": "2024-01-03T14:50:24",
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "date": "2023-02-08T20:15:23.887000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2024-03-14T03:32:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2024-02-04T09:15:08.627000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176366"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 side-channel vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170922"
      }
    ],
    "trust": 0.1
  }
}

var-200110-0240
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0240",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar410v2"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar450s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar550s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar570s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar740"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "fitelnet-f series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "mucho series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-4343",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.41
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200110-0240",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-05-24T22:10:35.107000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "729618/NISCC/PARASITIC-KEYS",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-729618/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0498
Vulnerability from variot

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make all the necessary changes. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:1115-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1115.html Issue date: 2015-06-15 CVE Names: CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Böck as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Käsper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time 1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent 1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function 1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.11.ppc.rpm openssl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.11.s390.rpm openssl-1.0.1e-30.el6_6.11.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-devel-1.0.1e-30.el6_6.11.s390.rpm openssl-devel-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-static-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-perl-1.0.1e-30.el6_6.11.s390x.rpm openssl-static-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

ppc64: openssl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-1.0.1e-42.el7_1.8.s390x.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-devel-1.0.1e-42.el7_1.8.s390.rpm openssl-devel-1.0.1e-42.el7_1.8.s390x.rpm openssl-libs-1.0.1e-42.el7_1.8.s390.rpm openssl-libs-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.ael7b_1.8.src.rpm

ppc64le: openssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-static-1.0.1e-42.el7_1.8.ppc.rpm openssl-static-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-perl-1.0.1e-42.el7_1.8.s390x.rpm openssl-static-1.0.1e-42.el7_1.8.s390.rpm openssl-static-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-1789 https://access.redhat.com/security/cve/CVE-2015-1790 https://access.redhat.com/security/cve/CVE-2015-1791 https://access.redhat.com/security/cve/CVE-2015-1792 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150611.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk ZyXizCcFL9oAQexObjxp/Mo= =PXiY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. 5 client) - i386, x86_64

  1. (CVE-2015-1790)

A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The fix was developed by Matt Caswell of the OpenSSL development team. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "sparc-opl service processor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.25 and earlier"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "ip38x/3500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "ip38x/810",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "ip38x/1210",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "8.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "sparc-opl service processor",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cms r16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "i v5r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "screenos 6.3.0r19",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.124"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.214"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.41"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.62"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "qradar siem mr2 patch ifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.110"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cognos insight standard edition fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.24"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1121",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki(Google) and Hanno B\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;ouml;ck.",
    "sources": [
      {
        "db": "BID",
        "id": "75156"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1789",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1789",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1789",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-245",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1789",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. ============================================================================\nUbuntu Security Notice USN-2639-1\nJune 11, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.4\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.8\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.15\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.31\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:1115-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1115.html\nIssue date:        2015-06-15\nCVE Names:         CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 \n                   CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a DTLS\nserver or client using OpenSSL to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. (CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL. This\nissue could possibly cause a multi-threaded TLS/SSL client using OpenSSL\nto double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax\n(CMS) messages. A CMS message with an unknown hash function identifier\ncould cause an application using OpenSSL to enter an infinite loop. \n(CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash. \n(CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan\nFratric as the original reporters of CVE-2014-8176, Robert Swiecki and\nHanno B\u00f6ck as the original reporters of CVE-2015-1789, Michal Zalewski as\nthe original reporter of CVE-2015-1790, Emilia K\u00e4sper as the original\nreport of  CVE-2015-1791 and Johannes Bauer as the original reporter of\nCVE-2015-1792. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time\n1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent\n1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function\n1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nppc64:\nopenssl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.ael7b_1.8.src.rpm\n\nppc64le:\nopenssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8176\nhttps://access.redhat.com/security/cve/CVE-2015-1789\nhttps://access.redhat.com/security/cve/CVE-2015-1790\nhttps://access.redhat.com/security/cve/CVE-2015-1791\nhttps://access.redhat.com/security/cve/CVE-2015-1792\nhttps://access.redhat.com/security/cve/CVE-2015-3216\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk\nZyXizCcFL9oAQexObjxp/Mo=\n=PXiY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 5 client) - i386, x86_64\n\n3. \n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman \n(DH) key exchange. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to \nreject DH key sizes below 768 bits, which prevents sessions to be \ndowngraded to export-grade keys. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The\nfix was developed by Matt Caswell of the OpenSSL development team. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789",
        "trust": 3.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "75156",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132313",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "id": "VAR-201506-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-04T22:03:03.877000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Fix length checks in X509_cmp_time to avoid out-of-bounds reads.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1789",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1789"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1789 "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/khadas/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/yaap/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroid-r/external_honggfuzz "
      },
      {
        "title": "tab_pie_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/credenceid/tab_pie_external_honggfuzz "
      },
      {
        "title": "platform_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/dennissimos/platform_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/swordphoenix/external_honggfuzz "
      },
      {
        "title": "platform_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz "
      },
      {
        "title": "honggfuzz_READ",
        "trust": 0.1,
        "url": "https://github.com/imbaya2466/honggfuzz_read "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/bananadroid/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/forklineageos/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/thexperienceproject/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/wave-project/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/project-1ce/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/jingpad-bsp/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroidandroid/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/statixos/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/caf-extended/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/ozone-os/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/corvus-r/android_external_honggfuzz "
      },
      {
        "title": "external-honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard2-android/external-honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkeredger-android/external_honggfuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ep-infosec/50_google_honggfuzz "
      },
      {
        "title": "lllnx",
        "trust": 0.1,
        "url": "https://github.com/lllnx/lllnx "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard2-android/external_honggfuzz "
      },
      {
        "title": "external-honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard-android/external-honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/havocr/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp-platina/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp/android_external_honggfuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tomoms/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/google/honggfuzz "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/75156"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:1115"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228603"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:1197"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101013879"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012550"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75156"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-11T23:39:03",
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-15T23:37:59",
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-07-01T02:01:05",
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "date": "2015-06-12T19:59:02.507000",
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "date": "2017-05-02T01:08:00",
        "db": "BID",
        "id": "75156"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "date": "2023-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "date": "2023-02-13T00:46:47.770000",
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/x509/x509_vfy.c of  X509_cmp_time Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0282
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980

  1. Summary:

Updated ESX Patches address several security issues.

  1. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

  1. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. 

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
  1. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Contact:

http://www.vmware.com/security

VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This can result in an infinite loop which consumes system memory. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. This could be used by an attacker in a denial of
 service attack. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771 Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01 Last Updated: 2007-08-01

Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows.

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

PRODUCT SPECIFIC INFORMATION

HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0282",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This can result in an infinite loop which\n     consumes system memory. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0282",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-04-28T19:46:42.430000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0597
Vulnerability from variot

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communication applications. SSH (full name Secure Shell) is a set of security protocols based on the application layer and transport layer developed by the Network Working Group of the Internet Engineering Task Force (IETF). IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: python security update Advisory ID: RHSA-2018:2123-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2123 Issue date: 2018-07-03 CVE Names: CVE-2016-2183 =====================================================================

  1. Summary:

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.

Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: python-2.7.5-69.el7_5.src.rpm

x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: python-2.7.5-69.el7_5.src.rpm

x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: python-2.7.5-69.el7_5.src.rpm

ppc64: python-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-devel-2.7.5-69.el7_5.ppc64.rpm python-libs-2.7.5-69.el7_5.ppc.rpm python-libs-2.7.5-69.el7_5.ppc64.rpm

ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm

s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm

x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: python-2.7.5-69.el7_5.src.rpm

aarch64: python-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-devel-2.7.5-69.el7_5.aarch64.rpm python-libs-2.7.5-69.el7_5.aarch64.rpm

ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm

s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: python-debug-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-test-2.7.5-69.el7_5.ppc64.rpm python-tools-2.7.5-69.el7_5.ppc64.rpm tkinter-2.7.5-69.el7_5.ppc64.rpm

ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm

s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm

x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: python-debug-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-test-2.7.5-69.el7_5.aarch64.rpm python-tools-2.7.5-69.el7_5.aarch64.rpm tkinter-2.7.5-69.el7_5.aarch64.rpm

ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm

s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: python-2.7.5-69.el7_5.src.rpm

x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5 cIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea FyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh v2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq xGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O T3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p 1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso 2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL 8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo p93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv 6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1 6NvSNmqGIdM= =AUgF -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:

Before applying this update, ensure all previously released errata relevant to your system is applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05369415 Version: 1

HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-01-18 Last Updated: 2017-01-18

Potential Security Impact: Remote: Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE Real User Monitor (RUM) resulting in remote disclosure of information also known as the SWEET32 attack.

References:

  • CVE-2016-2183 - SWEET32

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP Real User Monitor Software Series v9.2x, v9.30

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2183
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has provided the following mitigation information to resolve the vulnerability for impacted versions of HPE Real User Monitor (RUM):

* https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02683527

HISTORY Version:1 (rev.1) - 18 January 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. (CVE-2016-6304)

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179)

Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180)

It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302)

Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37

After a standard system update you need to reboot your computer to make all the necessary changes. This update causes NSS to limit use of the same symmetric key. (CVE-2017-5461)

This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2021:0309

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-x86_64

The image digest is sha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-s390x

The image digest is sha256:2335685cda334ecf9e12c056b148c483fb81412fbfc96c885dc669d775e1f1ee

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-ppc64le

The image digest is sha256:953ccacf79467b3e8ebfb8def92013f1574d75e24b3ea9a455aa8931f7f17b88

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

Security Fix(es):

  • SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)

  • openshift/builder: privilege escalation during container image builds via mounted secrets (CVE-2021-3344)

  • openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250 (CVE-2021-20198)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1873004 - [downstream] Should indicate the version info instead of the commit info 1887759 - [release 4.6] Gather MachineConfigPools 1889676 - [release 4.6] Gather top installplans and their count 1889865 - operator-registry image needs clean up in /tmp 1890274 - [4.6] External IP doesn't work if the IP address is not assigned to a node 1890452 - Adding BYOK disk encryption through DES 1891697 - Handle missing labels as empty. 1891892 - The windows oc.exe binary does not have version metadata 1893409 - [release-4.6] MCDPivotError alert/metric missing 1893738 - Examining agones helm chart resources results in "Oh no!" 1894916 - [4.6] Panic output due to timeouts in openshift-apiserver 1896919 - start creating new-style Secrets for AWS 1898672 - Pod gets stuck in ContainerCreating state with exhausted Whereabouts IPAM range with a daemonset 1899107 - [4.6] ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1899535 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1901602 - Extra reboot during 4.5 -> 4.6 upgrade 1901605 - CNO blocks editing Kuryr options 1903649 - Automated cleaning is disabled by default 1903887 - dns daemonset rolls out slowly in large clusters 1904091 - Missing registry v1 protocol usage metric on telemetry 1904577 - [4.6] Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1905031 - (release-4.6) Collect spec config for clusteroperator resources 1905195 - [release-4.6] Detecting broken connections to the Kube API takes up to 15 minutes 1905573 - [4.6] Changing the bound token service account issuer invalids previously issued bound tokens 1905788 - Role name missing on create role binding form 1906332 - update discovery burst to reflect lots of CRDs on openshift clusters 1906741 - KeyError: 'nodeName' on NP deletion 1906796 - [SA] verify-image-signature using service account does not work 1907827 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1907830 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1909673 - scale up / down buttons available on pod details side panel 1912388 - [OVN]: make check broken on 4.6 1912430 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1913109 - oc debug of an init container no longer works 1913645 - Improved Red Hat image and crashlooping OpenShift pod collection 1915560 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1916096 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1916100 - [oVirt] Consume 23-10 ovirt sdk - csi operator 1916347 - Updating scheduling component builder & base images to be consistent with ART 1916857 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1917240 - [4.6] Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1917498 - Regression OLM uses scoped client for CRD installation 1917547 - oc adm catalog mirror does not mirror the index image itself 1917548 - [4.6] Cannot filter the platform/arch of the index image 1917549 - Failed to mirror operator catalog - error: destination registry required 1917550 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1917609 - [4.6z] Deleting an exgw causes pods to no longer route to other exgws 1918194 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1918202 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1918525 - OLM enters infinite loop if Pending CSV replaces itself 1918779 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1918792 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1918961 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1920764 - CVE-2021-20198 openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250 1920873 - Failure to upgrade operator when a Service is included in a Bundle 1920995 - kuryr-cni pods using unreasonable amount of CPU 1921450 - CVE-2021-3344 openshift/builder: privilege escalation during container image builds via mounted secrets 1921473 - test-cmd is failing on volumes.sh pretty consistently 1921599 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set

  1. OpenSSL Security Advisory [22 Sep 2016]

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0597",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0.0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.7.0-006"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.6.6-068"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.5.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.16"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.13"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.47"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.5.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.0.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.7"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.7",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.3",
                "versionStartIncluding": "3.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.13",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.16",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.47",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "db": "PACKETSTORM",
        "id": "161320"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-2183",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-91002",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2183",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91002",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communication applications. SSH (full name Secure Shell) is a set of security protocols based on the application layer and transport layer developed by the Network Working Group of the Internet Engineering Task Force (IETF). IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: python security update\nAdvisory ID:       RHSA-2018:2123-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2123\nIssue date:        2018-07-03\nCVE Names:         CVE-2016-2183 \n=====================================================================\n\n1. Summary:\n\nAn update for python is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\nNote: This update modifies the Python ssl module to disable 3DES cipher\nsuites by default. \n\nRed Hat would like to thank OpenVPN for reporting this issue. Upstream\nacknowledges Karthikeyan Bhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as\nthe original reporters. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nppc64:\npython-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-devel-2.7.5-69.el7_5.ppc64.rpm\npython-libs-2.7.5-69.el7_5.ppc.rpm\npython-libs-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\naarch64:\npython-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-devel-2.7.5-69.el7_5.aarch64.rpm\npython-libs-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\npython-debug-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-test-2.7.5-69.el7_5.ppc64.rpm\npython-tools-2.7.5-69.el7_5.ppc64.rpm\ntkinter-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\npython-debug-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-test-2.7.5-69.el7_5.aarch64.rpm\npython-tools-2.7.5-69.el7_5.aarch64.rpm\ntkinter-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5\ncIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea\nFyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh\nv2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq\nxGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O\nT3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p\n1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso\n2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL\n8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo\np93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv\n6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1\n6NvSNmqGIdM=\n=AUgF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05369415\nVersion: 1\n\nHPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-01-18\nLast Updated: 2017-01-18\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in DES/3DES block ciphers used in the TLS protocol,\ncould potentially impact HPE Real User Monitor (RUM) resulting in remote\ndisclosure of information also known as the SWEET32 attack. \n\nReferences:\n\n  - CVE-2016-2183 - SWEET32\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP Real User Monitor Software Series v9.2x, v9.30\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2183\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following mitigation information to resolve the\nvulnerability for impacted versions of HPE Real User Monitor (RUM):  \n\n  *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02683527\u003e\n\nHISTORY\nVersion:1 (rev.1) - 18 January 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nShi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request\nextension. (CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when\nperforming pointer arithmetic. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nTS_OBJ_print_bio() function. (CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\nfeature. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n(CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nMDC2_Update() function. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. This update causes NSS to limit use of the same symmetric key. (CVE-2017-5461)\n\nThis update refreshes the NSS package to version 3.28.4 which includes\nthe latest CA certificate bundle. After a standard system update you need to restart any applications\nthat use NSS, such as Evolution and Chromium, to make all the necessary\nchanges. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.6.16. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2021:0309\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-x86_64\n\nThe image digest is\nsha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-s390x\n\nThe image digest is\nsha256:2335685cda334ecf9e12c056b148c483fb81412fbfc96c885dc669d775e1f1ee\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-ppc64le\n\nThe image digest is\nsha256:953ccacf79467b3e8ebfb8def92013f1574d75e24b3ea9a455aa8931f7f17b88\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n(CVE-2016-2183)\n\n* openshift/builder: privilege escalation during container image builds via\nmounted secrets (CVE-2021-3344)\n\n* openshift/installer: Bootstrap nodes allow anonymous authentication on\nkubelet port 10250 (CVE-2021-20198)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1873004 - [downstream] Should indicate the version info instead of the commit info\n1887759 - [release 4.6] Gather MachineConfigPools\n1889676 - [release 4.6] Gather top installplans and their count\n1889865 - operator-registry image needs clean up in /tmp\n1890274 - [4.6] External IP doesn\u0027t work if the IP address is not assigned to a node\n1890452 - Adding BYOK disk encryption through DES\n1891697 - Handle missing labels as empty. \n1891892 - The windows oc.exe binary does not have version metadata\n1893409 - [release-4.6] MCDPivotError alert/metric missing\n1893738 - Examining agones helm chart resources results in \"Oh no!\"\n1894916 - [4.6] Panic output due to timeouts in openshift-apiserver\n1896919 - start creating new-style Secrets for AWS\n1898672 - Pod gets stuck in ContainerCreating state with exhausted Whereabouts IPAM range with a daemonset\n1899107 - [4.6] ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1899535 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1901602 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1901605 - CNO blocks editing Kuryr options\n1903649 - Automated cleaning is disabled by default\n1903887 - dns daemonset rolls out slowly in large clusters\n1904091 - Missing registry v1 protocol usage metric on telemetry\n1904577 - [4.6] Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1905031 - (release-4.6) Collect spec config for clusteroperator resources\n1905195 - [release-4.6] Detecting broken connections to the Kube API takes up to 15 minutes\n1905573 - [4.6] Changing the bound token service account issuer invalids previously issued bound tokens\n1905788 - Role name missing on create role binding form\n1906332 - update discovery burst to reflect lots of CRDs on openshift clusters\n1906741 - KeyError: \u0027nodeName\u0027 on NP deletion\n1906796 - [SA] verify-image-signature using service account does not work\n1907827 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1907830 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1909673 - scale up / down buttons available on pod details side panel\n1912388 - [OVN]: `make check` broken on 4.6\n1912430 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1913109 - oc debug of an init container no longer works\n1913645 - Improved Red Hat image and crashlooping OpenShift pod collection\n1915560 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1916096 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1916100 - [oVirt] Consume 23-10 ovirt sdk - csi operator\n1916347 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1916857 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1917240 - [4.6] Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1917498 - Regression OLM uses scoped client for CRD installation\n1917547 - oc adm catalog mirror does not mirror the index image itself\n1917548 - [4.6] Cannot filter the platform/arch of the index image\n1917549 - Failed to mirror operator catalog - error: destination registry required\n1917550 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1917609 - [4.6z] Deleting an exgw causes pods to no longer route to other exgws\n1918194 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1918202 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1918525 - OLM enters infinite loop if Pending CSV replaces itself\n1918779 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1918792 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1918961 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1920764 - CVE-2021-20198 openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250\n1920873 - Failure to upgrade operator when a Service is included in a Bundle\n1920995 - kuryr-cni pods using unreasonable amount of CPU\n1921450 - CVE-2021-3344 openshift/builder: privilege escalation during container image builds via mounted secrets\n1921473 - test-cmd is failing on volumes.sh pretty consistently\n1921599 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n\n5. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "142340"
      },
      {
        "db": "PACKETSTORM",
        "id": "161320"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-91002",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2183",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "142756",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-058-02",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036696",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "92630",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "95568",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-09",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10197",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10310",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10186",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10171",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42091",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161320",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "148410",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "140708",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "142340",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "156451",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159431",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "141352",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143970",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140718",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143244",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141100",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140473",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141111",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141354",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144865",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143549",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141555",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140725",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144869",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145017",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147581",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152978",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140977",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145018",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141353",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-448",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-91002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "142340"
      },
      {
        "db": "PACKETSTORM",
        "id": "161320"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "id": "VAR-201609-0597",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:50:53.381000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-2183"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/articles/2548661"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2123"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:0451"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3270-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036696"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/may/105"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2018/nov/21"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/42091/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92630"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/95568"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201701-65"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201707-01"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0336.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0337.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0338.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2017-0462.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:1216"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:2708"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:2709"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:2710"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:3113"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:3114"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:3239"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:3240"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:1245"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2859"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3179-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3194-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3198-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3372-1"
      },
      {
        "trust": 1.1,
        "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.1,
        "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa133"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.1,
        "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
      },
      {
        "trust": 1.1,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
      },
      {
        "trust": 1.1,
        "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613"
      },
      {
        "trust": 1.1,
        "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k13167034"
      },
      {
        "trust": 1.1,
        "url": "https://sweet32.info/"
      },
      {
        "trust": 1.1,
        "url": "https://wiki.opendaylight.org/view/security_advisories"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
      },
      {
        "trust": 1.1,
        "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.sigsac.org/ccs/ccs2016/accepted-papers/"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2017-09"
      },
      {
        "trust": 1.1,
        "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369403"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369415"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05385680"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390722"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390849"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03765en_us"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03725en_us"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10186"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10197"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10310"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05302448"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369403"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369415"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05385680"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390722"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390849"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbgn03765en_us"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03725en_us"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10171"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10186"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10197"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10215"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3842"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258."
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05369415"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.17.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.14.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5461"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2021:0309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20198"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3344"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14382"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "142340"
      },
      {
        "db": "PACKETSTORM",
        "id": "161320"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "142340"
      },
      {
        "db": "PACKETSTORM",
        "id": "161320"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "date": "2018-07-03T14:44:44",
        "db": "PACKETSTORM",
        "id": "148410"
      },
      {
        "date": "2020-10-01T14:47:21",
        "db": "PACKETSTORM",
        "id": "159431"
      },
      {
        "date": "2020-02-20T21:09:43",
        "db": "PACKETSTORM",
        "id": "156451"
      },
      {
        "date": "2017-01-24T19:13:55",
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2017-04-27T23:47:18",
        "db": "PACKETSTORM",
        "id": "142340"
      },
      {
        "date": "2021-02-08T16:28:20",
        "db": "PACKETSTORM",
        "id": "161320"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-01T00:59:00.137000",
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91002"
      },
      {
        "date": "2023-02-12T23:17:38.140000",
        "db": "NVD",
        "id": "CVE-2016-2183"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "140708"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "142340"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2018-2123-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148410"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "142340"
      }
    ],
    "trust": 0.1
  }
}

var-201408-0090
Vulnerability from variot

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. OpenSSL is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID

NOTE: Please read the readme.txt file before proceeding with the installation.

References:

CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)

SSRT101686

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.3 openssl security update Advisory ID: RHSA-2014:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1297.html Issue date: 2014-09-24 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 =====================================================================

  1. Summary:

An update for the OpenSSL packages for Red Hat JBoss Enterprise Application Platform 6.3 that fixes multiple security issues is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3505, CVE-2014-3506)

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)

All users of Red Hat JBoss Enterprise Application Platform 6.3.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)

Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2014-3506)

Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)

Ivan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. (CVE-2014-3508)

Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)

Felix Gr=C3=B6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)

David Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)

Sean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)

Joonas Kuorilehto and Riku Hietam=C3=A4ki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2308-1 CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04424322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04424322 Version: 1

HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-09-01 Last Updated: 2014-09-01

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL.

HP IceWall SSO Agent Option v8.0, v8.0 2007 Update Release 2, and v10.0 HP IceWall MCRP v2.1, v3.0 HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends the following software update options to resolve this vulnerability for HP IceWall SSO Dfw, SSO Agent and MCRP.

  1. HP IceWall SSO Agent and MCRP

    • OpenSSL patches are available for RHEL: https://access.redhat.com/security/cve/CVE-2014-3508

    • OpenSSL patches are available for HP-UX.

    Please refer to HP Security Bulletin HPSBUX03095: https://h20564.www2.h p.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04404655

  2. HP IceWall SSO Dfw

    Updated OpenSSL is available for the HP IceWall SSO Dfw Bundle: http://www.hp.com/jp/icewall/_patchaccess

HP recommends the following mitigation information to protect against potential risk for the following HP IceWall products.

HP IceWall SSO Dfw and MCRP

If possible, do not use SHOST setting which allows IceWall SSO Dfw or

MCRP to use SSL/TLS for back-end web server connection.

HP IceWall SSO Dfw

If possible, do not use SHOST and set CC_DECODE_FLG to 0 which will

disable certificate decode by HP IceWall SSO Dfw .

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 2 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlQGEj8ACgkQ4B86/C0qfVne6gCg99hMorczaPKAZbOnaQb7D4Gr /hMAoLzofSZ3Qg4e+kXrFqUAnpOjkOUK =kaPy -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0090",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.016"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7530061.121.225.06100"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2407863"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35007383"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78450"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72250"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2207906"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.00"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.2"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78350"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72200"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57350"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7556061.121.225.06100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855072.060.134.32804"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x33007382"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78300"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75300"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7955"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.08"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408738"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5875072.060.134.32804"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75450"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301072.180.134.32804"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75560"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58750"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.6"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35507914"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.9"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "89000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2202585"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.4"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75250"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7525061.121.225.06100"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835072.010.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.9"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2227916"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.9"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8804259"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.4.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x37508752"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700072.161.134.32804"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "8.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36307158"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745061.132.224.35203"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830072.010.134.32804"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93020"
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58550"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900072.161.134.32804"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4.1"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408737"
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302072.180.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.01"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3655072.060.134.32804"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57550"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x32502583"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93030"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755061.132.224.35203"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.4"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225072.030.134.32804"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x31002582"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58450"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845072.060.134.32804"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740061.132.224.35203"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57450"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "87000"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "icewall sso agent option update rele",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35307160"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.02"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7535061.121.225.06100"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "66550"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.14"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.6"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78550"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57400"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408956"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93010"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.17"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8807903"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36305466"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845072.040.134.32804"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7545061.121.225.06100"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x4407917"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36505460"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7970072.200.134.32804"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75350"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220072.030.134.32804"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303072.180.134.32804"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735061.132.224.35203"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855072.040.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655072.060.134.32804"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69075"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "128131"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-3508",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3508",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3508",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3508",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of \u0027\\0\u0027 characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. OpenSSL is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior  to 1.0.0n. \nOpenSSL 1.0.1 versions prior  to 1.0.1i. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Enterprise Application Platform 6.3 openssl security update\nAdvisory ID:       RHSA-2014:1297-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1297.html\nIssue date:        2014-09-24\nCVE Names:         CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 \n                   CVE-2014-3510 \n=====================================================================\n\n1. Summary:\n\nAn update for the OpenSSL packages for Red Hat JBoss Enterprise Application\nPlatform 6.3 that fixes multiple security issues is now available from the\nRed Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3505,\nCVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.0 as\nprovided from the Red Hat Customer Portal are advised to apply this update. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nAdam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled\ncertain DTLS packets. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service. \n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr=C3=B6bert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam=C3=A4ki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2308-1\n  CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508,\n  CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512,\n  CVE-2014-5139\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04424322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04424322\nVersion: 1\n\nHPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-01\nLast Updated: 2014-09-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall SSO\nDfw, SSO Agent and MCRP running OpenSSL. \n\nHP IceWall SSO Agent Option v8.0, v8.0 2007 Update Release 2, and v10.0\nHP IceWall MCRP v2.1, v3.0\nHP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software update options to resolve this\nvulnerability for HP IceWall SSO Dfw, SSO Agent and MCRP. \n\n  1. HP IceWall SSO Agent and MCRP\n\n    - OpenSSL patches are available for RHEL:\nhttps://access.redhat.com/security/cve/CVE-2014-3508\n\n    - OpenSSL patches are available for HP-UX. \n\n      Please refer to HP Security Bulletin HPSBUX03095: https://h20564.www2.h\np.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04404655\n\n  2. HP IceWall SSO Dfw\n\n    Updated OpenSSL is available for the HP IceWall SSO Dfw Bundle:\nhttp://www.hp.com/jp/icewall/_patchaccess\n\nHP recommends the following mitigation information to protect against\npotential risk for the following HP IceWall products. \n\n  HP IceWall SSO Dfw and MCRP\n\n    If possible, do not use SHOST setting which allows IceWall SSO Dfw or\nMCRP to use SSL/TLS for back-end web server connection. \n\n  HP IceWall SSO Dfw\n\n    If possible, do not use SHOST and set CC_DECODE_FLG to 0 which will\ndisable certificate decode by HP IceWall SSO Dfw . \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 2 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlQGEj8ACgkQ4B86/C0qfVne6gCg99hMorczaPKAZbOnaQb7D4Gr\n/hMAoLzofSZ3Qg4e+kXrFqUAnpOjkOUK\n=kaPy\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      },
      {
        "db": "BID",
        "id": "69075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "128131"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3508",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "69075",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60410",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61214",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60824",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61250",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60861",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61171",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60778",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61392",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2014-06",
        "trust": 1.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128248",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128131",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "db": "BID",
        "id": "69075"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "128131"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "id": "VAR-201408-0090",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.42424244
  },
  "last_update_date": "2024-06-17T08:53:04.393000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "BinSeeker",
        "trust": 0.1,
        "url": "https://github.com/buptssegj/binseeker "
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140973896703549\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59743"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60410"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60778"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60824"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60861"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61171"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61214"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61250"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61392"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69075"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.tenable.com/security/tns-2014-06"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.4,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682663"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681752"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04424322"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa85"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182784"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098252"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689886"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687099"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685043"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/ibm-aix-cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/buptssegj/binseeker"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35202"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/library/security/3009008"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.h"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall/_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "db": "BID",
        "id": "69075"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "128131"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "db": "BID",
        "id": "69075"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "128131"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69075"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2014-09-15T17:53:34",
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "date": "2015-06-29T15:35:42",
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "date": "2014-09-25T00:05:16",
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2014-09-03T21:23:53",
        "db": "PACKETSTORM",
        "id": "128131"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-13T23:55:07.497000",
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3508"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "69075"
      },
      {
        "date": "2023-11-07T02:20:10.163000",
        "db": "NVD",
        "id": "CVE-2014-3508"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "69075"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL CVE-2014-3508 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "69075"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69075"
      }
    ],
    "trust": 0.3
  }
}

var-201609-0347
Vulnerability from variot

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

  • It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)

  • A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)

  • Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your openssl packages. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

7

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0347",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shi Lei.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6302",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6302",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6302",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6302",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-449",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6302",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. A\nlocal attacker could possibly use this flaw to obtain a private DSA key\nbelonging to another user or service running on the same system. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. \n(CVE-2016-2179)\n\n* A flaw was found in the Datagram TLS (DTLS) replay protection\nimplementation in OpenSSL. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. An attacker able to make an application using OpenSSL to process\na large BIGNUM could cause the application to crash or, possibly, execute\narbitrary code. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. A remote attacker could use this\nflaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for\nsession tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. (CVE-2016-2180)\n\n* Multiple out of bounds read flaws were found in the way OpenSSL handled\ncertain TLS/SSL protocol handshake messages. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream\nacknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter\nof CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and\nGaA\u003c\u003ctan Leurent (Inria) as the original reporters of CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n\nWe recommend that you upgrade your openssl packages. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "BID",
        "id": "92628"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6302",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "92628",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6302",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "BID",
        "id": "92628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "id": "VAR-201609-0347",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.37975769357142847
  },
  "last_update_date": "2024-07-23T20:02:01.581000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Sanity check ticket length.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63772"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-6302",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6302"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6302"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6302 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/holmes-py/reports-summary "
      },
      {
        "title": "rhsecapi",
        "trust": 0.1,
        "url": "https://github.com/redhatofficial/rhsecapi "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "cve-pylib",
        "trust": 0.1,
        "url": "https://github.com/redhatproductsecurity/cve-pylib "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/92628"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6302"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6302"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2017"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/1bbe48ab149893a78bf99c8eb8895c928900a16f"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-2/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "BID",
        "id": "92628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "db": "BID",
        "id": "92628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "date": "2016-08-24T00:00:00",
        "db": "BID",
        "id": "92628"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2018-07-12T21:45:18",
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "date": "2018-07-12T21:48:57",
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "date": "2016-09-16T05:59:12.003000",
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6302"
      },
      {
        "date": "2018-02-05T15:00:00",
        "db": "BID",
        "id": "92628"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      },
      {
        "date": "2023-11-07T02:33:56.930000",
        "db": "NVD",
        "id": "CVE-2016-6302"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/t1_lib.c of  tls_decrypt_ticket Denial of service in function  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004781"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-449"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0483
Vulnerability from variot

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157667

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157667 Version: 1

HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-06-01 Last Updated: 2016-06-01

Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial of Service (DoS), Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include:

The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF).

References:

CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.

The following products run the impacted versions of Virtual Connect (VC) firmware:

HPE VC Flex-10 10Gb Enet Module HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HPE has provided an updated version of the BladeSystem c-Class Virtual Connect (VC) firmware to address these vulnerabilities.

HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50

The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public /detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d

HISTORY Version:1 (rev.1) - 1 June 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

  1. Summary:

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Corrected: 2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE) 2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8) 2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25) 2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE) 2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31) CVE Name: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2015-3196]

III. [CVE-2015-3194] This affects FreeBSD 10.x only. [CVE-2015-3196]. This affects FreeBSD 10.1 only.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Reboot is optional but recommended.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Reboot is optional but recommended.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 10.2]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc

gpg --verify openssl-10.2.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r291722 releng/9.3/ r291854 stable/10/ r291721 releng/10.1/ r291854 releng/10.2/ r291854

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196)

Severity: Low

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0483",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.41"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.1.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.9"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.10 and earlier"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.28 and earlier"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "10.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.22.0"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.10"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.5"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "9.3-release-p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "9.3-release-p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.6.0.3"
      },
      {
        "model": "openscape uc application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.10"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.6.0.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "10.1-rc2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "openscape common management port",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.10"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "netezza platform software 7.1.0.8-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "openscape voice trace manage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.7"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.7"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "openscape desk phone ip hf r0.28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.23.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.7"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1.0"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.8.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "10.2-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "10.1-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "10.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.10"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "si4093 image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize 6.4storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500v3700"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "netezza platform software 7.1.0.4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "10.2-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.9"
      },
      {
        "model": "netezza platform software 7.2.1.1-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "10.1-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.22.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.10"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.7"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.9"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "openscape sbc r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090300"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.9"
      },
      {
        "model": "10.2-beta2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.1.0.5-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.7"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "openscape alarm respons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.7"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.8"
      },
      {
        "model": "10.1-beta3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "openscape r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "4000v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "10.1-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014111002"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "openscape r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "4000v7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "openscape sbc r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "9.3-release-p21",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.12.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "openstage desk phone ip si r3.32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "10.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.9"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.6.0.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.6.0.3"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.6.0.3"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.6.0.4"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.8"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "netezza platform software 7.1.0.5-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "websphere mq for hp nonstop server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-rc4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "openscape branch r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.23.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "10.2-beta2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "puredata system for analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "10.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "si4093 image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.17"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "openscape desk phone ip si r3.32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.22.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.6.0.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "netezza platform software 7.2.0.7-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.62"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "10.2-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "openscape branch r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.6"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.1"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.7"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "websphere mq for hp nonstop server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "10.1-release-p25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.6.0.4"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.9",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.41",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lo\u0026amp;iuml;c Jonas Etienne(Qnective AG)",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3194",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3194",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3194",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3194",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3194",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157667\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157667\nVersion: 1\n\nHPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware,\nRemote Denial of Service (DoS), Disclosure of Information, Cross-Site Request\nForgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial\nof Service (DoS), Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nBladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities\ninclude:\n\nThe SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \nThe Cross-protocol Attack on TLS using SSLv2 also known as \"DROWN\", which\ncould be exploited remotely resulting in disclosure of information. \nAdditional OpenSSL and OpenSSH vulnerabilities which could be remotely\nexploited resulting in Denial of Service (DoS), disclosure of information, or\nCross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2016-0800\nCVE-2016-0799\nCVE-2016-2842\nCVE-2015-1789\nCVE-2015-1791\nCVE-2015-3194\nCVE-2015-0705\nCVE-2015-5600\nCVE-2014-3566\nCVE-2008-5161\nSSRT102281\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nThe following products run the impacted versions of Virtual Connect (VC)\nfirmware:\n\nHPE VC Flex-10 10Gb Enet Module\nHPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2016-0800    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-3194    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2008-5161    (AV:N/AC:H/Au:N/C:P/I:N/A:N)        2.6\nCVE-2015-0705    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2016-0799    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2016-2842    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5600    (AV:N/AC:L/Au:N/C:P/I:N/A:C)        8.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided an updated version of the BladeSystem c-Class Virtual\nConnect (VC) firmware to address these vulnerabilities. \n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50\n\nThe update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public\n/detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nCorrected:      2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE)\n                2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8)\n                2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25)\n                2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE)\n                2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31)\nCVE Name:       CVE-2015-3194, CVE-2015-3195, CVE-2015-3196\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII.  [CVE-2015-3196]\n\nIII. [CVE-2015-3194]  This affects FreeBSD 10.x only. [CVE-2015-3196].  This affects FreeBSD 10.1 only. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nReboot is optional but recommended. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nReboot is optional but recommended. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc\n# gpg --verify openssl-10.2.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r291722\nreleng/9.3/                                                       r291854\nstable/10/                                                        r291721\nreleng/10.1/                                                      r291854\nreleng/10.2/                                                      r291854\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nRace condition handling PSK identify hint (CVE-2015-3196)\n=========================================================\n\nSeverity: Low\n\nIf PSK identity hints are received by a multi-threaded client then\nthe values are wrongly updated in the parent SSL_CTX structure. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "78623",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115",
        "trust": 0.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3194",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136992",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "id": "VAR-201512-0483",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.391459985
  },
  "last_update_date": "2024-07-22T22:33:37.136000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBMU03590",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "Add PSS parameter check. (d8541d7)",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17"
      },
      {
        "title": "Add PSS parameter check. (c394a48)",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e"
      },
      {
        "title": "Certificate verify crash with missing PSS parameter (CVE-2015-3194)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Bug 1288320",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Red Hat: CVE-2015-3194",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3194"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Security fixes from the April 2016 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6bed8fb34e63f7953d08e5701d75ec01"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3194 "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/halon/changelog "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/78623"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c394a488942387246653833359a5c94b5832674e"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3194"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/dec/23"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099199"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-02-17.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://networks.unify.com/security/advisories/obso-1512-02.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005656"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005657"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976419"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981765"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985739"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:26.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/hpsim"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78623"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-12-14T16:39:59",
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2015-12-06T13:33:33",
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "date": "2016-05-13T16:14:35",
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "date": "2015-12-06T20:59:04.707000",
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "78623"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "date": "2023-11-07T02:25:31.567000",
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/rsa/rsa_ameth.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  }
}

var-201505-0233
Vulnerability from variot

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6) - i386, x86_64

IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section.

Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures. ============================================================================ Ubuntu Security Notice USN-2656-2 July 15, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description: - firefox: Mozilla Open Source web browser

Details:

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases.

This update provides the corresponding update for Ubuntu 12.04 LTS.

Original advisory details:

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. (CVE-2015-2721)

Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. (CVE-2015-2722, CVE-2015-2733)

Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)

Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. (CVE-2015-2727)

Paul Bandha discovered a type confusion bug in the Indexed DB Manager. (CVE-2015-2728)

Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)

Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)

A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. (CVE-2015-2731)

Ronald Crane discovered multiple security vulnerabilities. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)

Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: firefox 39.0+build5-0ubuntu0.12.04.2

After a standard system update you need to restart Firefox to make all the necessary changes.

CVE-2015-4000

David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).

CVE-2015-7181 CVE-2015-7182 CVE-2016-1950

Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.

CVE-2015-7575

Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.

CVE-2016-1938

Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs.  This could weaken the cryptographic
protections provided by NSS.  However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.

CVE-2016-1978

Eric Rescorla discovered a user-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.

CVE-2016-1979

Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.

CVE-2016-2834

Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.

In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.

For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.

For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1. HP Integration Adaptor v9.12. For further information, see the knowledge base article linked to in the References section.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

  • A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-4000)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2015:1229-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1229.html Issue date: 2015-07-15 CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 =====================================================================

  1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

  1. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change.

It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

ppc64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm

s390x: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.s390x.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.src.rpm

ppc64le: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

ppc64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm

s390x: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.s390x.rpm

x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.ael7b_1.noarch.rpm

ppc64le: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2628 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2808 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#critical https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11 https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVpliAXlSAg2UNWIIRAmDIAKC0SKJPEBiUrI0sgDcQMZTM/nm7nwCfUIje QU57Hj/UGZeY+OmKchPFPcI= =miFC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - x86_64

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Future updates may raise this limit to 1024 bits.

The nss and nss-util packages have been upgraded to upstream versions 3.19.1. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

6. OpenSSL Security Advisory [11 Jun 2015]

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

. DH parameter with 1024 bits is used by default. Allow to configure custom DHE or ECDHE parameters by appending the concerned parameter file to the certificate file given for the SSLCertificateFile directive.

CVE-2015-2808:

Disable RC4 cipher in configuration file

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0233",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "2.35"
      },
      {
        "model": "firefox os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "2.2"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": null
      },
      {
        "model": "content manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.10"
      },
      {
        "model": "sparc-opl service processor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "jrockit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "r28.3.6"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "39.0"
      },
      {
        "model": "firefox esr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "31.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "38.1"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "31.8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "b.11.31"
      },
      {
        "model": "firefox esr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "38.1.0"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.6.0"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.19"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "browser",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opera",
        "version": null
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.6.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.2.2"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.14"
      },
      {
        "model": "rational automation framework ifix5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "digital media players 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "telepresence conductor xc4.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.16"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "ethernet switch es2-64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.15"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "ethernet switch es2-72",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.0.6"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ethernet switch es2-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "digital media players 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "jd edwards world security a9.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60000"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ethernet switch es2-72",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "prime network services controller 3.4.1c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "ios xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.13"
      },
      {
        "model": "10.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.8"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "rational tau interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "esight network v300r003c10spc201",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "socialminer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "aspera faspex application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.2"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "model d9485 davic qpsk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus series fex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "rational tau interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "puredata system for analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "industrial router 1.2.1rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7.0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "esight network v300r003c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "aspera enterprise server client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "aspera ondemand",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.4"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2.2.13"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "switch es1-24",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3.1.3"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.9"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "model d9485 davic qpsk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2.19"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.6.0"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.2.15"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1m",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2a",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1m",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1121",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "db": "PACKETSTORM",
        "id": "132439"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2015-4000",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4000",
            "trust": 1.0,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. 6) - i386, x86_64\n\n3. \n\nIBM Java SDK and JRE 5.0 will not receive software updates after September\n2015. This date is referred to as the End of Service (EOS) date. Customers\nare advised to migrate to current versions of IBM Java at this time. IBM\nJava SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise\nLinux 5 and 6 Supplementary content sets and will continue to receive\nupdates based on IBM\u0027s lifecycle policy, linked to in the References\nsection. \n\nCustomers can also consider OpenJDK, an open source implementation of\nthe Java SE specification. OpenJDK is available by default on supported\nhardware architectures. ============================================================================\nUbuntu Security Notice USN-2656-2\nJuly 15, 2015\n\nfirefox vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it\nopened a malicious website. \n\nSoftware Description:\n- firefox: Mozilla Open Source web browser\n\nDetails:\n\nUSN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and\nlater releases. \n\nThis update provides the corresponding update for Ubuntu 12.04 LTS. \n\nOriginal advisory details:\n\n Karthikeyan Bhargavan discovered that NSS incorrectly handled state\n transitions for the TLS state machine. \n (CVE-2015-2721)\n \n Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\n some circumstances. (CVE-2015-2722,\n CVE-2015-2733)\n \n Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\n Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\n Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\n safety issues in Firefox. (CVE-2015-2724,\n CVE-2015-2725, CVE-2015-2726)\n \n Armin Razmdjou discovered that opening hyperlinks with specific mouse\n and key combinations could allow a Chrome privileged URL to be opened\n without context restrictions being preserved. (CVE-2015-2727)\n \n Paul Bandha discovered a type confusion bug in the Indexed DB Manager. (CVE-2015-2728)\n \n Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\n user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to obtain sensitive information. \n (CVE-2015-2729)\n \n Watson Ladd discovered that NSS incorrectly handled Elliptical Curve\n Cryptography (ECC) multiplication. A remote attacker could possibly use\n this issue to spoof ECDSA signatures. (CVE-2015-2730)\n \n A use-after-free was discovered when a Content Policy modifies the DOM to\n remove a DOM object. (CVE-2015-2731)\n \n Ronald Crane discovered multiple security vulnerabilities. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\n CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n \n David Keeler discovered that key pinning checks can be skipped when an\n overridable certificate error occurs. This allows a user to manually\n override an error for a fake certificate, but cannot be exploited on its\n own. (CVE-2015-2741)\n \n Jonas Jenwald discovered that some internal workers were incorrectly\n executed with a high privilege. An attacker could potentially exploit this to impersonate\n the server. (CVE-2015-4000)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  firefox                         39.0+build5-0ubuntu0.12.04.2\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. \n\nCVE-2015-4000\n\n    David Adrian et al. reported that it may be feasible to attack\n    Diffie-Hellman-based cipher suites in certain circumstances,\n    compromising the confidentiality and integrity of data encrypted\n    with Transport Layer Security (TLS). \n\nCVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n\n    Tyson Smith, David Keeler, and Francis Gabriel discovered\n    heap-based buffer overflows in the ASN.1 DER parser, potentially\n    leading to arbitrary code execution. \n\nCVE-2015-7575\n\n    Karthikeyan Bhargavan discovered that TLS client implementation\n    accepted MD5-based signatures for TLS 1.2 connections with forward\n    secrecy, weakening the intended security strength of TLS\n    connections. \n\nCVE-2016-1938\n\n    Hanno Boeck discovered that NSS miscomputed the result of integer\n    division for certain inputs.  This could weaken the cryptographic\n    protections provided by NSS.  However, NSS implements RSA-CRT leak\n    hardening, so RSA private keys are not directly disclosed by this\n    issue. \n\nCVE-2016-1978\n\n    Eric Rescorla discovered a user-after-free vulnerability in the\n    implementation of ECDH-based TLS handshakes, with unknown\n    consequences. \n\nCVE-2016-1979\n\n    Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n    processing, with application-specific impact. \n\nCVE-2016-2834\n\n    Tyson Smith and Jed Davis discovered unspecified memory-safety\n    bugs in NSS. \n\nIn addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart.  In certain system configurations, this allowed local users to\nescalate their privileges. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1. \nHP Integration Adaptor v9.12. For\nfurther information, see the knowledge base article linked to in the\nReferences section. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: java-1.7.0-openjdk security update\nAdvisory ID:       RHSA-2015:1229-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1229.html\nIssue date:        2015-07-15\nCVE Names:         CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 \n                   CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 \n                   CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 \n                   CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 \n                   CVE-2015-4749 CVE-2015-4760 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit. \n\nMultiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2015-4760,\nCVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)\n\nA flaw was found in the way the Libraries component of OpenJDK verified\nOnline Certificate Status Protocol (OCSP) responses. An OCSP response with\nno nextUpdate date specified was incorrectly handled as having unlimited\nvalidity, possibly causing a revoked X.509 certificate to be interpreted as\nvalid. (CVE-2015-4748)\n\nIt was discovered that the JCE component in OpenJDK failed to use constant\ntime comparisons in multiple cases. An attacker could possibly use these\nflaws to disclose sensitive information by measuring the time used to\nperform operations using these non-constant time comparisons. \n(CVE-2015-2601)\n\nA flaw was found in the RC4 encryption algorithm. When using certain keys\nfor RC4 encryption, an attacker could obtain portions of the plain text\nfrom the cipher text without the knowledge of the encryption key. \n(CVE-2015-2808)\n\nNote: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by\ndefault to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug\n1207101, linked to in the References section, for additional details about\nthis change. \n\nA flaw was found in the way the TLS protocol composed the Diffie-Hellman\n(DH) key exchange. A man-in-the-middle attacker could use this flaw to\nforce the use of weak 512 bit export-grade keys during the key exchange,\nallowing them do decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenJDK to\nreject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,\nlinked to in the References section, for additional details about this\nchange. \n\nIt was discovered that the JNDI component in OpenJDK did not handle DNS\nresolutions correctly. An attacker able to trigger such DNS errors could\ncause a Java application using JNDI to consume memory and CPU time, and\npossibly block further DNS resolution. (CVE-2015-4749)\n\nMultiple information leak flaws were found in the JMX and 2D components in\nOpenJDK. An untrusted Java application or applet could use this flaw to\nbypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)\n\nA flaw was found in the way the JSSE component in OpenJDK performed X.509\ncertificate identity verification when establishing a TLS/SSL connection to\na host identified by an IP address. In certain cases, the certificate was\naccepted as valid if it was issued for a host name to which the IP address\nresolves rather than for the IP address. (CVE-2015-2625)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207101 - CVE-2015-2808 SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)\n1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)\n1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)\n1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)\n1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)\n1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)\n1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)\n1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)\n1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)\n1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)\n1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)\n1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nppc64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.src.rpm\n\nppc64le:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nppc64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.ael7b_1.noarch.rpm\n\nppc64le:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-2590\nhttps://access.redhat.com/security/cve/CVE-2015-2601\nhttps://access.redhat.com/security/cve/CVE-2015-2621\nhttps://access.redhat.com/security/cve/CVE-2015-2625\nhttps://access.redhat.com/security/cve/CVE-2015-2628\nhttps://access.redhat.com/security/cve/CVE-2015-2632\nhttps://access.redhat.com/security/cve/CVE-2015-2808\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2015-4731\nhttps://access.redhat.com/security/cve/CVE-2015-4732\nhttps://access.redhat.com/security/cve/CVE-2015-4733\nhttps://access.redhat.com/security/cve/CVE-2015-4748\nhttps://access.redhat.com/security/cve/CVE-2015-4749\nhttps://access.redhat.com/security/cve/CVE-2015-4760\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVpliAXlSAg2UNWIIRAmDIAKC0SKJPEBiUrI0sgDcQMZTM/nm7nwCfUIje\nQU57Hj/UGZeY+OmKchPFPcI=\n=miFC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications. Future updates may raise this limit to\n1024 bits. \n\nThe nss and nss-util packages have been upgraded to upstream versions\n3.19.1. The upgraded versions provide a number of bug fixes and\nenhancements over the previous versions. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n\n6. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \nDH parameter with 1024 bits is used by default. \nAllow to configure custom DHE or ECDHE parameters by appending the concerned\nparameter file to the certificate file given for the SSLCertificateFile\ndirective. \n\nCVE-2015-2808:\n\nDisable RC4 cipher in configuration file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      },
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "PACKETSTORM",
        "id": "132835"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "db": "PACKETSTORM",
        "id": "132699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133990"
      },
      {
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "db": "PACKETSTORM",
        "id": "139002"
      },
      {
        "db": "PACKETSTORM",
        "id": "133337"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "132921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "db": "PACKETSTORM",
        "id": "132439"
      },
      {
        "db": "PACKETSTORM",
        "id": "132413"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "PACKETSTORM",
        "id": "135172"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4000",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1033064",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1034884",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032777",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032649",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033065",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032865",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032784",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032871",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033760",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033067",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1036218",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033222",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032778",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032637",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032759",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033208",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033430",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1034087",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032702",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032783",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032648",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032476",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033991",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1040630",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032960",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033891",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032856",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033416",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032910",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033513",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032475",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032651",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032727",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032864",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033341",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033433",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032688",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032645",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033019",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033209",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032652",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032654",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032655",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032932",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032653",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032474",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1034728",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032650",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033385",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1033210",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032699",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032884",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032656",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1032647",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/05/20/8",
        "trust": 1.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10681",
        "trust": 1.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10727",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "74733",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "75652",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "139002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132835",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132943",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133039",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132699",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135172",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139114",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132921",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132697",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132439",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132413",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "PACKETSTORM",
        "id": "139002"
      },
      {
        "db": "PACKETSTORM",
        "id": "132835"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "db": "PACKETSTORM",
        "id": "132699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133990"
      },
      {
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "db": "PACKETSTORM",
        "id": "135172"
      },
      {
        "db": "PACKETSTORM",
        "id": "133337"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "132921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "db": "PACKETSTORM",
        "id": "132439"
      },
      {
        "db": "PACKETSTORM",
        "id": "132413"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "id": "VAR-201505-0233",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.54851742
  },
  "last_update_date": "2024-07-22T21:28:15.176000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2656-2"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2656-1"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
      },
      {
        "trust": 1.0,
        "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.0,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
      },
      {
        "trust": 1.0,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10681"
      },
      {
        "trust": 1.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10727"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openwall.com/lists/oss-security/2015/05/20/8"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.apple.com/kb/ht204941"
      },
      {
        "trust": 1.0,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.0,
        "url": "http://support.citrix.com/article/ctx201114"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
      },
      {
        "trust": 1.0,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3300"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3316"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3324"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3339"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2016/dsa-3688"
      },
      {
        "trust": 1.0,
        "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
      },
      {
        "trust": 1.0,
        "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/74733"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032474"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032475"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032476"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032637"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032645"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032647"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032648"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032649"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032650"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032651"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032652"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032653"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032654"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032655"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032656"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032688"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032699"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032702"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032727"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032759"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032777"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032778"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032783"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032784"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032856"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032864"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032865"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032871"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032884"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032910"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032932"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032960"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033019"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033064"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033065"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033067"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033208"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033209"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033210"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033222"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033341"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033385"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033416"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033430"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033433"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033513"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033760"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033891"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1033991"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1034087"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1034728"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1034884"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1036218"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040630"
      },
      {
        "trust": 1.0,
        "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-2673-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-2696-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-2706-1"
      },
      {
        "trust": 1.0,
        "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
      },
      {
        "trust": 1.0,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.0,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
      },
      {
        "trust": 1.0,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
      },
      {
        "trust": 1.0,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.0,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.0,
        "url": "https://puppet.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/201512-10"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/201603-11"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/201701-46"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
      },
      {
        "trust": 1.0,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.0,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03831en_us"
      },
      {
        "trust": 1.0,
        "url": "https://weakdh.org/"
      },
      {
        "trust": 1.0,
        "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
      },
      {
        "trust": 1.0,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
      },
      {
        "trust": 1.0,
        "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
      },
      {
        "trust": 1.0,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.suse.com/security/cve/cve-2015-4000.html"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4732"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4760"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4733"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4749"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4731"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4748"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.4,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4760"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2621"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2601"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4732"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2632"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4733"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4748"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4731"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4749"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2590"
      },
      {
        "trust": 0.3,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/secadv_20150709.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
      },
      {
        "trust": 0.3,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807"
      },
      {
        "trust": 0.3,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.3,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2664"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-1931"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2638"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2638"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1931"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2664"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2637"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2637"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2625"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2737"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2721"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2739"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2734"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2724"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2735"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2738"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1979"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/developerworks/java/jdk/lifecycle/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2730"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.12.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2725"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2743"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumbe"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04832246"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2628"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facets"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "PACKETSTORM",
        "id": "139002"
      },
      {
        "db": "PACKETSTORM",
        "id": "132835"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "db": "PACKETSTORM",
        "id": "132699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133990"
      },
      {
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "db": "PACKETSTORM",
        "id": "135172"
      },
      {
        "db": "PACKETSTORM",
        "id": "133337"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "132921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "db": "PACKETSTORM",
        "id": "132439"
      },
      {
        "db": "PACKETSTORM",
        "id": "132413"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "75652"
      },
      {
        "db": "PACKETSTORM",
        "id": "139002"
      },
      {
        "db": "PACKETSTORM",
        "id": "132835"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "db": "PACKETSTORM",
        "id": "132699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133990"
      },
      {
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "db": "PACKETSTORM",
        "id": "135172"
      },
      {
        "db": "PACKETSTORM",
        "id": "133337"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "132921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "db": "PACKETSTORM",
        "id": "132439"
      },
      {
        "db": "PACKETSTORM",
        "id": "132413"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-09T00:00:00",
        "db": "BID",
        "id": "75652"
      },
      {
        "date": "2016-10-06T20:59:47",
        "db": "PACKETSTORM",
        "id": "139002"
      },
      {
        "date": "2015-07-27T15:36:14",
        "db": "PACKETSTORM",
        "id": "132835"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-08-04T17:55:43",
        "db": "PACKETSTORM",
        "id": "132943"
      },
      {
        "date": "2015-08-12T19:42:09",
        "db": "PACKETSTORM",
        "id": "133039"
      },
      {
        "date": "2015-07-16T17:45:50",
        "db": "PACKETSTORM",
        "id": "132699"
      },
      {
        "date": "2015-10-16T01:44:08",
        "db": "PACKETSTORM",
        "id": "133990"
      },
      {
        "date": "2015-07-22T22:38:54",
        "db": "PACKETSTORM",
        "id": "132803"
      },
      {
        "date": "2016-01-08T15:12:14",
        "db": "PACKETSTORM",
        "id": "135172"
      },
      {
        "date": "2015-08-26T23:41:29",
        "db": "PACKETSTORM",
        "id": "133337"
      },
      {
        "date": "2016-10-12T20:16:45",
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "date": "2015-08-04T01:08:37",
        "db": "PACKETSTORM",
        "id": "132921"
      },
      {
        "date": "2015-07-16T17:45:29",
        "db": "PACKETSTORM",
        "id": "132697"
      },
      {
        "date": "2015-06-25T14:18:03",
        "db": "PACKETSTORM",
        "id": "132439"
      },
      {
        "date": "2015-06-23T14:09:34",
        "db": "PACKETSTORM",
        "id": "132413"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-05-21T00:59:00.087000",
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-26T05:10:00",
        "db": "BID",
        "id": "75652"
      },
      {
        "date": "2023-02-09T16:15:28.840000",
        "db": "NVD",
        "id": "CVE-2015-4000"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL CVE-2015-1793 Certificate Verification Security Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "75652"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0326
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0326",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0326",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-03-18T20:17:51.889000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0206
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. OpenSSL is prone to a denial-of-service vulnerability. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0206",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar410v2"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar450s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar550s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar570s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar740"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "fitelnet-f series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "mucho series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-4343",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. OpenSSL is prone to a denial-of-service vulnerability. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.04
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200110-0206",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-05-12T02:40:25.656000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "729618/NISCC/PARASITIC-KEYS",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-729618/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  }
}

var-201408-0081
Vulnerability from variot

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. (CVE-2014-3506)

Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.

Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory exhaustion (CVE-2014-3506)

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory leak from zero-length fragments (CVE-2014-3507)

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. This update fixes several security issues: Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) Information leak in pretty printing functions (CVE-2014-3508) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) SRP buffer overrun (CVE-2014-3512) Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) For more information, see: https://www.openssl.org/news/secadv_20140806.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139 ( Security fix ) patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04624296

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04624296 Version: 1

HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-04-01 Last Updated: 2015-04-01

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information.

HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware

References:

CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT102004

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following instructions to resolve this vulnerability.

Note: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and v7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11 mentioned below to resolve the vulnerability.

Delete the files smh.exe from Component Copy Location listed in the following table, rows 1 and 2. Delete the files vca.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7..rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe smhamd64-cp023964.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c smhx86-cp023963.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb vcax86 cp025295.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4 vcaamd64-cp025296.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components

\express\hpfeatures\hpagents-sles10-x64\components

\express\hpfeatures\hpagents-rhel5-x64\components

\express\hpfeatures\hpagents-rhel6-x64\components

6 http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components

\express\hpfeatures\hpagents-sles10-x64\components

\express\hpfeatures\hpagents-rhel5-x64\components

\express\hpfeatures\hpagents-rhel6-x64\components

7 http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1 smhx86-cp025274.exe \express\hpfeatures\hpagents-ws\components\Win2003

8 http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd smhamd64-cp025275.exe \express\hpfeatures\hpagents-ws\components\Win2003

Download and extract the HP SUM component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346

Copy all content from extracted folder and paste at \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on the target running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on the target running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on the target running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on the target running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 job on the target running Windows.

HISTORY Version:1 (rev.1) - 1 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rhevm-spice-client security and bug fix update Advisory ID: RHSA-2015:0197-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0197.html Issue date: 2014-07-25 Updated on: 2015-02-11 CVE Names: CVE-2014-3509 CVE-2014-3511 =====================================================================

  1. Summary:

Updated rhevm-spice-client packages that fix two security issues and several bugs are now available for Red Hat Enterprise Virtualization Manager 3.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

RHEV-M 3.5 - noarch

  1. Description:

Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. (CVE-2014-3509)

A flaw was found in the way OpenSSL handled fragmented handshake packets. (CVE-2014-3511)

This update also fixes the following bugs:

  • Previously, various clipboard managers, operating on the client or on the guest, would occasionally lose synchronization, which resulted in clipboard data loss and the SPICE console freezing. Now, spice-gtk have been patched, such that clipboard synchronization does not freeze the SPICE console anymore. (BZ#1083489)

  • Prior to this update, when a SPICE console was launched from the Red Hat Enterprise Virtualization User Portal with the 'Native Client' invocation method and 'Open in Full Screen' selected, the displays of the guest virtual machine were not always configured to match the client displays. After this update, the SPICE console will show a full-screen guest display for each client monitor. (BZ#1076243)

  • A difference in behavior between Linux and Windows clients caused an extra nul character to be sent when pasting text in a guest machine from a Windows client. This invisible character was visible in some Java applications. With this update, the extra nul character is removed from text strings and no more extraneous character would appear. (BZ#1090122)

  • Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size. (BZ#1090433)

  • Modifier-only key combinations cannot be registered by users as hotkeys so if a user tries to set a modifier-only key sequence (for example, 'ctrl+alt') as the hotkey for releasing the cursor, it will fail, and the user will be able to release the cursor from the window. With this update, when a modifier-only hotkey is attempted to be registered, it will fall back to the default cursor-release sequence (which happens to be 'ctrl+alt'). (BZ#985319)

  • Display configuration sometimes used outdated information about the position of the remote-viewer windows in order to align and configure the guest displays. Occasionally, this caused the guest displays to became unexpectedly swapped when a window is resized. With this update, remote-viewer will always use the current window locations to align displays, rather than using a possibly outdated cached location information. (BZ#1018182)

All rhevm-spice-client users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1018145 - --full-screen=auto-conf sometimes (but frequently) doesn't work correctly 1018182 - primary monitor is switched if some screen gets bigger then current primary screen 1076243 - [BUG] RHEV SPICE console not opening in full screen or detecting resolution by default 1083489 - [SPICE][BUG] Spice session freezes randomly 1090122 - Pasting into java apps inserts unprintable character 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash 1103366 - Rebase virt-viewer to 0.6.0 1105650 - Fix windows productversion to fit -z releases 1115445 - in About dialog, hyphen version-build dividing hyphen is missing 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack

  1. Package List:

RHEV-M 3.5:

Source: rhevm-spice-client-3.5-2.el6.src.rpm

noarch: rhevm-spice-client-x64-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x64-msi-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-msi-3.5-2.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3509 https://access.redhat.com/security/cve/CVE-2014-3511 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFU253LXlSAg2UNWIIRAjJEAKCrqGkFJHhLN3Iqt069y96etuCAxgCcCTWW 1SViofNGiqbiufMWwY7okg4= =cjiU -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

References:

CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101894 SSRT101916 SSRT101918 SSRT101920 SSRT101921 SSRT101922 SSRT101923 SSRT101925 SSRT101926 SSRT101927

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID

NOTE: Please read the readme.txt file before proceeding with the installation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-14:18.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-09-09 Affects: All supported versions of FreeBSD. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2014-5139]

III. Impact

A remote attacker may be able to cause a denial of service (application crash, large memory consumption), obtain additional information, cause protocol downgrade. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 9.2, 9.1, 8.4]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

References:

CVE-2014-0224 Remote Unauthorized Access, Disclosure of Information CVE-2014-3509 Remote Denial of Service (DoS) CVE-2014-3511 Remote Unauthorized Access, Disclosure of Information CVE-2014-5139 Remote Denial of Service (DoS) SSRT101818

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Note: For versions not listed, please contact support:

Note: ServiceCenter 6.2 is impacted only if using the Directory Services integration feature with the SC LDAP over SSL (LDAPS) protocol. If this feature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to Service Manager 7.11, 9.21, or 9.34, and then apply the patches listed below.

Patch Version Package Name / SSO URL

SM711P22 AIX Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00614

HP Itanium Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00615

HP parisc Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00616

Linux x86 Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00617

Solaris Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00618

Windows Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00619

SM921P9 AIX server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00621

HPUX/IA server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00622

HPUX/PA server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00623

Linux server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00624

Solaris server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00625

Windows server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00626

SM934P2 AIX Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00605

HP Itanium Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00606

Linux Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00607

Solaris Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00608

Windows Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00609

HISTORY Version:1 (rev.1) - 22 January 2015 Initial release Version:2 (rev.2) - 23 January 2015 added note for versions not listed in table

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.016"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.34"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2407863"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35007383"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2207906"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.00"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos os 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.10"
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x33007382"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "junos os 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7955"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.08"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408738"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "servicecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.31"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.6"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35507914"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.9"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2202585"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2227916"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "junos os 14.1r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "junos os 13.3r3-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.33"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.9"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8804259"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x37508752"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.20"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36307158"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408737"
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.01"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.21"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x32502583"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x31002582"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35307160"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.02"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.14"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408956"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.17"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8807903"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.32"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36305466"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x4407917"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36505460"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "contact optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.30"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-3511",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3511",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3511",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3511",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nAdam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled\ncertain DTLS packets. \n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 users should upgrade to 1.0.1i. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nOpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes several security issues:\n  Double Free when processing DTLS packets (CVE-2014-3505)\n  DTLS memory exhaustion (CVE-2014-3506)\n  DTLS memory leak from zero-length fragments (CVE-2014-3507)\n  Information leak in pretty printing functions (CVE-2014-3508)\n  Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n  OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n  OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n  SRP buffer overrun (CVE-2014-3512)\n  Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n  For more information, see:\n    https://www.openssl.org/news/secadv_20140806.txt\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04624296\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04624296\nVersion: 1\n\nHPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and\nWindows, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-01\nLast Updated: 2015-04-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) which are components of HP Insight Control server\ndeployment. These vulnerabilities are related to the SSLv3 vulnerability\nknown as \"Padding Oracle on Downgraded Legacy Encryption\" or \"POODLE\". The\ncomponents of HP Insight Control server deployment could be exploited\nremotely to allow disclosure of information. \n\nHP Insight Control server deployment includes HP System Management Homepage\n(SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and\ndeploys them through the following jobs. This bulletin provides the\ninformation needed to update the vulnerable components in HP Insight Control\nserver deployment. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT102004\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3509    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3511    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-5139    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve this vulnerability. \n\nNote: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and\nv7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11\nmentioned below to resolve the vulnerability. \n\nDelete the files smh*.exe from Component Copy Location listed in the\nfollowing table, rows 1 and 2. \nDelete the files vca*.exe/vcaamd64-*.exe from Component Copy Location listed\nin the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe\n smhamd64-cp023964.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c\n smhx86-cp023963.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb\n vcax86 cp025295.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4\n vcaamd64-cp025296.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n6\n http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n7\n http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1\n smhx86-cp025274.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n8\n http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd\n smhamd64-cp025275.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\nDownload and extract the HP SUM component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346\n\nCopy all content from extracted folder and paste at\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on the target running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on the target running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on the target running\nRHEL 6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on the target running\nRHEL 5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 job on the target\nrunning Windows. \n\nHISTORY\nVersion:1 (rev.1) - 1 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rhevm-spice-client security and bug fix update\nAdvisory ID:       RHSA-2015:0197-01\nProduct:           Red Hat Enterprise Virtualization\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0197.html\nIssue date:        2014-07-25\nUpdated on:        2015-02-11\nCVE Names:         CVE-2014-3509 CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated rhevm-spice-client packages that fix two security issues and\nseveral bugs are now available for Red Hat Enterprise Virtualization\nManager 3. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.5 - noarch\n\n3. Description:\n\nRed Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems. (CVE-2014-3509)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. (CVE-2014-3511)\n\nThis update also fixes the following bugs:\n\n* Previously, various clipboard managers, operating on the client or on the\nguest, would occasionally lose synchronization, which resulted in clipboard\ndata loss and the SPICE console freezing. Now, spice-gtk have been patched,\nsuch that clipboard synchronization does not freeze the SPICE console\nanymore. (BZ#1083489)\n\n* Prior to this update, when a SPICE console was launched from the Red Hat\nEnterprise Virtualization User Portal with the \u0027Native Client\u0027 invocation\nmethod and \u0027Open in Full Screen\u0027 selected, the displays of the guest\nvirtual machine were not always configured to match the client displays. \nAfter this update, the SPICE console will show a full-screen guest display\nfor each client monitor. (BZ#1076243)\n\n* A difference in behavior between Linux and Windows clients caused an\nextra nul character to be sent when pasting text in a guest machine from a\nWindows client. This invisible character was visible in some Java\napplications. With this update, the extra nul character is removed from\ntext strings and no more extraneous character would appear. (BZ#1090122)\n\n* Previously, If the clipboard is of type image/bmp, and the data is of 0\nsize, GTK+ will crash. With this update, the data size is checked first,\nand GTK+ no longer crashes when clipboard is of type image/bmp, and the\ndata is of 0 size. (BZ#1090433)\n\n* Modifier-only key combinations cannot be registered by users as hotkeys\nso if a user tries to set a modifier-only key sequence (for example,\n\u0027ctrl+alt\u0027) as the hotkey for releasing the cursor, it will fail, and the\nuser will be able to release the cursor from the window. With this update,\nwhen a modifier-only hotkey is attempted to be registered, it will fall\nback to the default cursor-release sequence (which happens to be\n\u0027ctrl+alt\u0027). (BZ#985319)\n\n* Display configuration sometimes used outdated information about the\nposition of the remote-viewer windows in order to align and configure the\nguest displays. Occasionally, this caused the guest displays to became\nunexpectedly swapped when a window is resized. With this update,\nremote-viewer will always use the current window locations to align\ndisplays, rather than using a possibly outdated cached location\ninformation. (BZ#1018182)\n\nAll rhevm-spice-client users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1018145 - --full-screen=auto-conf sometimes (but frequently) doesn\u0027t work correctly\n1018182 - primary monitor is switched if some screen gets bigger then current primary screen\n1076243 - [BUG] RHEV SPICE console not opening in full screen or detecting resolution by default\n1083489 - [SPICE][BUG] Spice session freezes randomly\n1090122 - Pasting into java apps inserts unprintable character\n1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash\n1103366 - Rebase virt-viewer to 0.6.0\n1105650 - Fix windows productversion to fit -z releases\n1115445 - in About dialog, hyphen version-build dividing hyphen is missing\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRHEV-M 3.5:\n\nSource:\nrhevm-spice-client-3.5-2.el6.src.rpm\n\nnoarch:\nrhevm-spice-client-x64-cab-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x64-msi-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x86-cab-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x86-msi-3.5-2.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3509\nhttps://access.redhat.com/security/cve/CVE-2014-3511\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU253LXlSAg2UNWIIRAjJEAKCrqGkFJHhLN3Iqt069y96etuCAxgCcCTWW\n1SViofNGiqbiufMWwY7okg4=\n=cjiU\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1j              *\u003e= 0.9.8z_p2\n                                                            \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101894\nSSRT101916\nSSRT101918\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101923\nSSRT101925\nSSRT101926\nSSRT101927\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:18.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-09-09\nAffects:        All supported versions of FreeBSD. \nCorrected:      2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n                2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n                2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n                2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n                2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n                2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n                2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n                2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name:       CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n                CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-5139]\n\nIII. Impact\n\nA remote attacker may be able to cause a denial of service (application\ncrash, large memory consumption), obtain additional information,\ncause protocol downgrade.  Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r269687\nreleng/8.4/                                                       r271305\nstable/9/                                                         r269687\nreleng/9.1/                                                       r271305\nreleng/9.2/                                                       r271305\nreleng/9.3/                                                       r271305\nstable/10/                                                        r269686\nreleng/10.0/                                                      r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nReferences:\n\nCVE-2014-0224 Remote Unauthorized Access, Disclosure of Information\nCVE-2014-3509 Remote Denial of Service (DoS)\nCVE-2014-3511 Remote Unauthorized Access, Disclosure of Information\nCVE-2014-5139 Remote Denial of Service (DoS)\nSSRT101818\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nNote: For versions not listed, please contact support:\n\nNote: ServiceCenter 6.2 is impacted only if using the Directory Services\nintegration feature with the SC LDAP over SSL (LDAPS) protocol. If this\nfeature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to\nService Manager 7.11, 9.21, or 9.34, and then apply the patches listed below. \n\nPatch Version\n Package Name / SSO URL\n\nSM711P22\n AIX Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00614\n\nHP Itanium Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00615\n\nHP parisc Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00616\n\nLinux x86 Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00617\n\nSolaris Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00618\n\nWindows Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00619\n\nSM921P9\n AIX server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00621\n\nHPUX/IA server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00622\n\nHPUX/PA server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00623\n\nLinux server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00624\n\nSolaris server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00625\n\nWindows server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00626\n\nSM934P2\n AIX Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00605\n\nHP Itanium Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00606\n\nLinux Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00607\n\nSolaris Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00608\n\nWindows Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00609\n\nHISTORY\nVersion:1 (rev.1) - 22 January 2015 Initial release\nVersion:2 (rev.2) - 23 January 2015 added note for versions not listed in\ntable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      },
      {
        "db": "BID",
        "id": "69079"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "130359"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3511",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "69079",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60810",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61139",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61043",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60377",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59887",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60890",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2014-06",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10084",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10649",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3511",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130299",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130359",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131254",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "db": "BID",
        "id": "69079"
      },
      {
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130359"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "id": "VAR-201408-0081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T21:31:18.574000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: Critical: rhev-hypervisor6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150126 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-06"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=f5716086497f074005596fe8e0bc5dce"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0197.html"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59887"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60377"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60810"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60890"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61043"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61139"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69079"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaanhs"
      },
      {
        "trust": 1.1,
        "url": "http://www.tenable.com/security/tns-2014-06"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10084"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.1,
        "url": "https://techzone.ergon.ch/cve-2014-3511"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=280b1f1ad12131defcd986676a8fc9717aaa601b"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.8,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.4,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682663"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096266"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21715901"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682034"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098252"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689886"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682016"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687099"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691162"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/library/security/3009008"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-bd2042a1c7574aad90c4839efe"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-00eb9ac82e86449e8c3ba101bd"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-34bcab41ac7e4db299e3f5f2f1"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-062078f1ae354b7e99c86c151c"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-5827037475e44abab586463723"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "db": "BID",
        "id": "69079"
      },
      {
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130359"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "db": "BID",
        "id": "69079"
      },
      {
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130359"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69079"
      },
      {
        "date": "2015-02-09T21:09:18",
        "db": "PACKETSTORM",
        "id": "130299"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-09-09T17:32:22",
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2015-03-25T00:42:25",
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "date": "2015-06-29T15:35:42",
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2015-05-29T23:37:43",
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-02-12T00:29:07",
        "db": "PACKETSTORM",
        "id": "130359"
      },
      {
        "date": "2015-04-02T00:37:56",
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-13T23:55:07.623000",
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3511"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "69079"
      },
      {
        "date": "2023-11-07T02:20:10.770000",
        "db": "NVD",
        "id": "CVE-2014-3511"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "69079"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "69079"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69079"
      }
    ],
    "trust": 0.3
  }
}

var-200609-0823
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980

  1. Summary:

Updated ESX Patches address several security issues.

  1. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

  1. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
  1. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Contact:

http://www.vmware.com/security

VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ASN.1 Denial of Service Attack (1/2)

 During the parsing of certain invalid ASN.1 structures an error
 condition is mishandled. This can result in an infinite loop which
 consumes system memory. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. This could be used by an attacker in a denial of
 service attack. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0823",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "wizpy",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-3738",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. This can result in an infinite loop which\n     consumes system memory. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "TA07-017A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200609-0823",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-06-17T11:20:51.586000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "TLSA-2007-52",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2007/tlsa-2007-52.txt"
      },
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "TLSA-2007-52",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2007/tlsa-2007-52j.txt"
      },
      {
        "title": "vu386964-547300",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu386964-547300.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-017a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-017a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3738"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  }
}

var-201712-0248
Vulnerability from variot

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. This vulnerability CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 Similar problem.It may be affected unspecified. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. =========================================================================== Ubuntu Security Notice USN-3512-1 December 11, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.3

Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.4

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.10

After a standard system update you need to reboot your computer to make all the necessary changes. Corrected: 2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE) 2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6) 2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE) 2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5) 2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26) CVE Name: CVE-2017-3737, CVE-2017-3738

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. It is also a full-strength general purpose cryptography library.

II. Problem Description

Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. [CVE-2017-3738] This bug only affects FreeBSD 11.x.

III. Impact

Applications with incorrect error handling may inappropriately pass unencrypted data. [CVE-2017-3737]

Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. [CVE-2017-3738]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.x]

fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

[FreeBSD 11.x]

fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch

fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc

gpg --verify openssl-11.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/10/ r326721 releng/10.3/ r326723 releng/10.4/ r326723 stable/11/ r326663 releng/11.1/ r326722

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2018:0998-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0998 Issue date: 2018-04-10 CVE Names: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • openssl: Read/write after SSL object in error state (CVE-2017-3737)

  • openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-12.el7.src.rpm

x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-12.el7.src.rpm

x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-12.el7.src.rpm

ppc64: openssl-1.0.2k-12.el7.ppc64.rpm openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-devel-1.0.2k-12.el7.ppc.rpm openssl-devel-1.0.2k-12.el7.ppc64.rpm openssl-libs-1.0.2k-12.el7.ppc.rpm openssl-libs-1.0.2k-12.el7.ppc64.rpm

ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm

s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm

x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: openssl-1.0.2k-12.el7.src.rpm

aarch64: openssl-1.0.2k-12.el7.aarch64.rpm openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-devel-1.0.2k-12.el7.aarch64.rpm openssl-libs-1.0.2k-12.el7.aarch64.rpm

ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm

s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-perl-1.0.2k-12.el7.aarch64.rpm openssl-static-1.0.2k-12.el7.aarch64.rpm

ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-perl-1.0.2k-12.el7.ppc64.rpm openssl-static-1.0.2k-12.el7.ppc.rpm openssl-static-1.0.2k-12.el7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-12.el7.src.rpm

x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2017-3737 https://access.redhat.com/security/cve/CVE-2017-3738 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFazHmPXlSAg2UNWIIRAqu6AKDErP0kbrPwLuGhT0FWhHa/Os9K1gCfRI4r j0HnnUq1AsYgW3JsOqRcuTk= =hlqc -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

Gentoo Linux Security Advisory GLSA 201712-03

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2n >= 1.0.2n

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"

References

[ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201712-03

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--

. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project.

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [27 Mar 2018] ========================================

Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)

Severity: Moderate

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0248",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2l"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "9.2.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0g"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.8.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "9.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.12.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2m"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.8.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( overseas edition )"
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( domestic version )"
      },
      {
        "model": "compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "infrastructure analytics advisor",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console (windows"
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "linux)"
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console"
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.1",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.1",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.9.3",
                "versionStartIncluding": "8.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.12.2",
                "versionStartIncluding": "6.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.7",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2017-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3738",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3738",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3738",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-216",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3738",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. This vulnerability CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 Similar problem.It may be affected unspecified. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n===========================================================================\nUbuntu Security Notice USN-3512-1\nDecember 11, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nDavid Benjamin discovered that OpenSSL did not correctly prevent\nbuggy applications that ignore handshake errors from subsequently calling\ncertain functions. While unlikely, a remote attacker could possibly\nuse this issue to recover private keys. (CVE-2017-3738)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n  libssl1.0.0                     1.0.2g-1ubuntu13.3\n\nUbuntu 17.04:\n  libssl1.0.0                     1.0.2g-1ubuntu11.4\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.10\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nCorrected:      2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE)\n                2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6)\n                2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE)\n                2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5)\n                2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26)\nCVE Name:       CVE-2017-3737, CVE-2017-3738\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  It is also a full-strength general purpose\ncryptography library. \n\nII.  Problem Description\n\nInvoking SSL_read()/SSL_write() while in an error state causes data to be\npassed without being decrypted/encrypted directly from the SSL/TLS record\nlayer. \n\nIn order to exploit this issue an application bug would have to be present\nthat resulted in a call to SSL_read()/SSL_write() being issued after having\nalready received a fatal error.  [CVE-2017-3738]  This bug only affects FreeBSD 11.x. \n\nIII. Impact\n\nApplications with incorrect error handling may inappropriately pass\nunencrypted data.  [CVE-2017-3737]\n\nMishandling of carry propagation will produce incorrect output, and make it\neasier for a remote attacker to obtain sensitive private-key information.  [CVE-2017-3738]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 11.x]\n# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc\n# gpg --verify openssl-11.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r326721\nreleng/10.3/                                                      r326723\nreleng/10.4/                                                      r326723\nstable/11/                                                        r326663\nreleng/11.1/                                                      r326722\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security and bug fix update\nAdvisory ID:       RHSA-2018:0998-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:0998\nIssue date:        2018-04-10\nCVE Names:         CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-12.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-12.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-libs-1.0.2k-12.el7.i686.rpm\nopenssl-libs-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-devel-1.0.2k-12.el7.i686.rpm\nopenssl-devel-1.0.2k-12.el7.x86_64.rpm\nopenssl-perl-1.0.2k-12.el7.x86_64.rpm\nopenssl-static-1.0.2k-12.el7.i686.rpm\nopenssl-static-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-12.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-12.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-libs-1.0.2k-12.el7.i686.rpm\nopenssl-libs-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-devel-1.0.2k-12.el7.i686.rpm\nopenssl-devel-1.0.2k-12.el7.x86_64.rpm\nopenssl-perl-1.0.2k-12.el7.x86_64.rpm\nopenssl-static-1.0.2k-12.el7.i686.rpm\nopenssl-static-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-12.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-12.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-12.el7.ppc64.rpm\nopenssl-devel-1.0.2k-12.el7.ppc.rpm\nopenssl-devel-1.0.2k-12.el7.ppc64.rpm\nopenssl-libs-1.0.2k-12.el7.ppc.rpm\nopenssl-libs-1.0.2k-12.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-12.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-12.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-12.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-12.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390x.rpm\nopenssl-devel-1.0.2k-12.el7.s390.rpm\nopenssl-devel-1.0.2k-12.el7.s390x.rpm\nopenssl-libs-1.0.2k-12.el7.s390.rpm\nopenssl-libs-1.0.2k-12.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-12.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-devel-1.0.2k-12.el7.i686.rpm\nopenssl-devel-1.0.2k-12.el7.x86_64.rpm\nopenssl-libs-1.0.2k-12.el7.i686.rpm\nopenssl-libs-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-12.el7.src.rpm\n\naarch64:\nopenssl-1.0.2k-12.el7.aarch64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.aarch64.rpm\nopenssl-devel-1.0.2k-12.el7.aarch64.rpm\nopenssl-libs-1.0.2k-12.el7.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-12.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-12.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-12.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-12.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390x.rpm\nopenssl-devel-1.0.2k-12.el7.s390.rpm\nopenssl-devel-1.0.2k-12.el7.s390x.rpm\nopenssl-libs-1.0.2k-12.el7.s390.rpm\nopenssl-libs-1.0.2k-12.el7.s390x.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-12.el7.aarch64.rpm\nopenssl-perl-1.0.2k-12.el7.aarch64.rpm\nopenssl-static-1.0.2k-12.el7.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-12.el7.ppc64le.rpm\nopenssl-static-1.0.2k-12.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-12.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390x.rpm\nopenssl-perl-1.0.2k-12.el7.s390x.rpm\nopenssl-static-1.0.2k-12.el7.s390.rpm\nopenssl-static-1.0.2k-12.el7.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-12.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-12.el7.ppc64.rpm\nopenssl-perl-1.0.2k-12.el7.ppc64.rpm\nopenssl-static-1.0.2k-12.el7.ppc.rpm\nopenssl-static-1.0.2k-12.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-12.el7.ppc64le.rpm\nopenssl-static-1.0.2k-12.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-12.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-12.el7.s390x.rpm\nopenssl-perl-1.0.2k-12.el7.s390x.rpm\nopenssl-static-1.0.2k-12.el7.s390.rpm\nopenssl-static-1.0.2k-12.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-perl-1.0.2k-12.el7.x86_64.rpm\nopenssl-static-1.0.2k-12.el7.i686.rpm\nopenssl-static-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-12.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-12.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-devel-1.0.2k-12.el7.i686.rpm\nopenssl-devel-1.0.2k-12.el7.x86_64.rpm\nopenssl-libs-1.0.2k-12.el7.i686.rpm\nopenssl-libs-1.0.2k-12.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-12.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-12.el7.x86_64.rpm\nopenssl-perl-1.0.2k-12.el7.x86_64.rpm\nopenssl-static-1.0.2k-12.el7.i686.rpm\nopenssl-static-1.0.2k-12.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2017-3737\nhttps://access.redhat.com/security/cve/CVE-2017-3738\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFazHmPXlSAg2UNWIIRAqu6AKDErP0kbrPwLuGhT0FWhHa/Os9K1gCfRI4r\nj0HnnUq1AsYgW3JsOqRcuTk=\n=hlqc\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360\nInc.) as the original reporter of CVE-2016-6306. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201712-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 14, 2017\n     Bugs: #629290, #636264, #640172\n       ID: 201712-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmay lead to a Denial of Service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2n                  \u003e= 1.0.2n\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nA remote attacker could cause a Denial of Service condition, recover a\nprivate key in unlikely circumstances, circumvent security restrictions\nto perform unauthorized actions, or gain access to sensitive\ninformation. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2n\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3735\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735\n[ 2 ] CVE-2017-3736\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736\n[ 3 ] CVE-2017-3737\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737\n[ 4 ] CVE-2017-3738\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--\n\n. The intent was that if a fatal error occurred during a handshake then\nOpenSSL would move into the error state and would immediately fail if you\nattempted to continue the handshake. This works as designed for the explicit\nhandshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),\nhowever due to a bug it does not work correctly if SSL_read() or SSL_write() is\ncalled directly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 10th November 2017 by David Benjamin\n(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell\nof the OpenSSL development team. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 22nd November 2017 by David Benjamin\n(Google). The issue was originally found via the OSS-Fuzz project. \n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20171207.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \nOpenSSL Security Advisory [27 Mar 2018]\n========================================\n\nConstructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)\n==========================================================================================\n\nSeverity: Moderate\n\nConstructed ASN.1 types with a recursive definition (such as can be found in\nPKCS7) could eventually exceed the stack given malicious input with\nexcessive recursion. This could result in a Denial Of Service attack. There are\nno such structures used within SSL/TLS that come from untrusted sources so this\nis considered safe. \n\nIncorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)\n========================================================\n\nSeverity: Moderate\n\nBecause of an implementation bug the PA-RISC CRYPTO_memcmp function is\neffectively reduced to only comparing the least significant bit of each byte. \nThis allows an attacker to forge messages that would be considered as\nauthenticated in an amount of tries lower than that guaranteed by the security\nclaims of the scheme. The module can only be compiled by the HP-UX assembler, so\nthat only HP-UX PA-RISC targets are affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "db": "PACKETSTORM",
        "id": "145367"
      },
      {
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3738",
        "trust": 3.4
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-04",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-07",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-06",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "102118",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1039978",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93502675",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2261",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1089",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2536",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1054",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3738",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145372",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145367",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147117",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145423",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169626",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "db": "PACKETSTORM",
        "id": "145367"
      },
      {
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "id": "VAR-201712-0248",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22708334
  },
  "last_update_date": "2024-07-22T21:26:50.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-4065",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2017/dsa-4065"
      },
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "NV18-010",
        "trust": 0.8,
        "url": "https://jpn.nec.com/security-info/secinfo/nv18-010.html"
      },
      {
        "title": "NTAP-20171208-0001",
        "trust": 0.8,
        "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
      },
      {
        "title": "Data Confidentiality/Integrity Vulnerability, December 2017",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
      },
      {
        "title": "Read/write after SSL object in error state (CVE-2017-3737)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76995"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180998 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3512-1"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4157-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c79d1e1d762e93b378a3fac64f240919"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=29a34ceeb17cecefa4b82c6b5a2da56d"
      },
      {
        "title": "Red Hat: CVE-2017-3738",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3738"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3738"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-105"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201804-6] lib32-openssl: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201804-6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1016"
      },
      {
        "title": "Symantec Security Advisories: SA159: OpenSSL Vulnerabilities 7-Dec-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7a23414ce58f57534a106c24bd753c6b"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201804-2] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201804-2"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2018-1004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1004"
      },
      {
        "title": "Tenable Security Advisories: [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-04"
      },
      {
        "title": "Tenable Security Advisories: [R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-06"
      },
      {
        "title": "Tenable Security Advisories: [R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-16"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-11"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-07"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ae57a14ec914f60b7203332a77613077"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "core-kit",
        "trust": 0.1,
        "url": "https://github.com/funtoo/core-kit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/102118"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2018:0998"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201712-03"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20180327.txt"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039978"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:12.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4065"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2018/dsa-4157"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2018-04"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2018-07"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2018-06"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03881en_us"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3738"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu93502675"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887987"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887995"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887989"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887985"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887991"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2261/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2536/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887987"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78218"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78082"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10888295"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3512-1/"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56193"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.3"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3512-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.10"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171207.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3738\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:12/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:12/openssl-11.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3737\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:12/openssl-11.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:12.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:12/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0733"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "db": "PACKETSTORM",
        "id": "145367"
      },
      {
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "db": "PACKETSTORM",
        "id": "145367"
      },
      {
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "date": "2018-07-12T21:45:18",
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "date": "2018-07-12T21:48:57",
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "date": "2017-12-12T05:29:29",
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "date": "2017-12-12T05:27:14",
        "db": "PACKETSTORM",
        "id": "145367"
      },
      {
        "date": "2018-04-11T01:25:17",
        "db": "PACKETSTORM",
        "id": "147117"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2017-12-15T14:15:17",
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "date": "2017-12-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "date": "2018-03-27T12:12:12",
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "date": "2017-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "date": "2017-12-07T16:29:00.240000",
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3738"
      },
      {
        "date": "2018-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      },
      {
        "date": "2022-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      },
      {
        "date": "2022-08-19T11:49:42.737000",
        "db": "NVD",
        "id": "CVE-2017-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "145372"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011252"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-216"
      }
    ],
    "trust": 0.6
  }
}

var-201501-0442
Vulnerability from variot

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. 5 client) - i386, x86_64

  1. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293. This could lead to a Denial Of Service attack (CVE-2014-3571). In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204). This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).

The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.

HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:

- HP SSL for OpenVMS website:

  http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

- HP Support Center website:

  https://h20566.www2.hp.com/portal/site/hpsc/patch/home

  Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019 Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.

References:

CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:

ftp://sl098ze:Secure12@h2.usa.hp.com

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

HP-UX Release HP-UX OpenSSL depot name

B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot

B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08ze or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0442",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.1"
      },
      {
        "model": "sparc enterprise m3000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.3"
      },
      {
        "model": "ip38x/fw120",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rev.11.03.08 before"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "sparc enterprise m5000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "sparc enterprise m9000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.2"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2260"
      },
      {
        "model": "sparc enterprise m4000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.0"
      },
      {
        "model": "ip38x/sr100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "ip38x/3000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "ip38x/58i",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "ip38x/1200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "ip38x/3500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.4"
      },
      {
        "model": "ip38x/n500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.3"
      },
      {
        "model": "ip38x/1210",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1120"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(fujitsu m10-1/m10-4/m10-4s server )"
      },
      {
        "model": "sparc enterprise m8000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "ip38x/810",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rev.11.01.21 before"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "es750",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.00"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205635"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.80"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "power systems e870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.50"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355042540"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "17.0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.70"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.21"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.4"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355041980"
      },
      {
        "model": "power systems 350.c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power system s814",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.40"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.12"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.e0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.21"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "es1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "power systems 350.e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.00"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079450"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems 350.a0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.00"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.22"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205577"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571451.43"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365042550"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571910"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.81"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.00"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.3r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571480"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.50"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073800"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.60"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "power systems 350.b0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system idataplex dx360 m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63910"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power ese",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571460"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.00"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.11"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571470"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "power system s824l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365041990"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.80"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.30"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power 795",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.51"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571430"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73210"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.21"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.10.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power system s822l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571450"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504667"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.10"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205587"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63800"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.60"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.41"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.20"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.32"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.15"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079460"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079440"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571920"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079470"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571490"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.80"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.51"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "power system s824",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "power systems e880",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.10"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.61"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.20"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.90"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.02"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.50"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.20"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "power system s812l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.01"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73230"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363073770"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.10"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.20"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.01"
      },
      {
        "model": "power systems 350.d0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.40"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "74.90"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.40"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "junos os 12.3x48-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054540"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.01"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "550"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350078390"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.2.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504965"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.70"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.31"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-8275",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-8275",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8275",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-8275",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. \nLocal attackers can exploit this issue to  bypass certain security restrictions and perform unauthorized actions.  This may aid in further attacks. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. 5 client) - i386, x86_64\n\n3. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not\naffected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting \nCVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and \nCVE-2015-0293. Upstream acknowledges Emilia K\u00e4sper of the OpenSSL \ndevelopment team as the original reporter of CVE-2015-0287, Brian Carpenter\nas the original reporter of CVE-2015-0288, Michal Zalewski of Google as the\noriginal reporter of CVE-2015-0289, Robert Dugal and David Ramos as the \noriginal reporters of CVE-2015-0292, and Sean Burford of Google and Emilia \nK\u00e4sper of the OpenSSL development team as the original reporters of \nCVE-2015-0293. This could lead to a Denial\n Of Service attack (CVE-2014-3571). In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate\u0026#039;s fingerprint. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154  mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e  mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c  mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2  mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32  mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n  HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n    - HP SSL for OpenVMS website:\n\n      http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n    - HP Support Center website:\n\n      https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n      Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0066-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date:        2015-01-20\nUpdated on:        2015-01-21\nCVE Names:         CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n                   CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n                   CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "BID",
        "id": "71935"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131387"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8275",
        "trust": 3.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "71935",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131408",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130051",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130545",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "BID",
        "id": "71935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131387"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "id": "VAR-201501-0442",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.36198661599999993
  },
  "last_update_date": "2024-07-23T19:45:42.984000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "use correct function name",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
      },
      {
        "title": "Fix various certificate fingerprint issues.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us"
      },
      {
        "title": "HPSBGN03299",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04604357"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "Certificate fingerprints can be modified (CVE-2014-8275)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "RHSA-2015:0800",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-8275",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-8275"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "JPN_RIC13351-2",
        "trust": 0.1,
        "url": "https://github.com/neominds/jpn_ric13351-2 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
      },
      {
        "trust": 1.4,
        "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71935"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8275"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-8275"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/ec2fede9467ae1a65f452d3a39f7fbc4891d9285"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/a8565530e27718760220df469f0a071c85b9e731"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101010782"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101011698"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html#2014-3571"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "BID",
        "id": "71935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131387"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "db": "BID",
        "id": "71935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131387"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71935"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "date": "2015-08-26T01:33:18",
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-04-13T14:03:56",
        "db": "PACKETSTORM",
        "id": "131387"
      },
      {
        "date": "2015-01-09T17:43:35",
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "date": "2015-04-14T18:54:44",
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-01-22T01:35:41",
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "date": "2015-02-26T17:13:09",
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "date": "2015-01-09T02:59:09.413000",
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8275"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71935"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      },
      {
        "date": "2017-11-15T02:29:05.437000",
        "db": "NVD",
        "id": "CVE-2014-8275"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "71935"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerable to breaking fingerprint-based authentication blacklist protection mechanism",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007554"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "71935"
      }
    ],
    "trust": 0.3
  }
}

var-200208-0243
Vulnerability from variot

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.

Advisory 1

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.

Vulnerabilities

All four of these are potentially remotely exploitable.

  1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.

  2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

  3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.

Who is affected?

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.

A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.

Client should be disabled altogether until the patches are applied.

Known Exploits

There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657

Acknowledgements

The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.

Advisory 2

Vulnerabilities

The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.

Who is affected?

Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

Exploits

There are no known exploits for this vulnerability.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659

Acknowledgements

This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.

Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt

Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt

URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0243",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openldap",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix",
        "version": null
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "corporate time outlook connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.1.x"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9ias"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7.1"
      },
      {
        "model": "database",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "cobalt raq3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1000"
      },
      {
        "model": "computing safeword premieraccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "http server for server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1"
      },
      {
        "model": "corporatetime outlook connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "networks junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "linux affinity toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "webproxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.6"
      },
      {
        "model": "virtualvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.5"
      },
      {
        "model": "tru64 unix internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.1"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "secure os software for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "openssl for openvms alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "internet express eak",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "netmail e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.2"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.1"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.2"
      },
      {
        "model": "openssl for openvms alpha -a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A.L. Digital Ltd\nThe Bunker",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0655",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2002-0655",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-5046",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-0655",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#561275",
            "trust": 0.8,
            "value": "5.88"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#308891",
            "trust": 0.8,
            "value": "17.63"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200208-173",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5046",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL.  It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\nVulnerabilities\n---------------\n\nAll four of these are potentially remotely exploitable. \n\n1. The client master key in SSL2 could be oversized and overrun a\n    buffer. This vulnerability was also independently discovered by\n    consultants at Neohapsis (http://www.neohapsis.com/) who have also\n    demonstrated that the vulerability is exploitable. Exploit code is\n    NOT available at this time. \n\n2. The session ID supplied to a client in SSL3 could be oversized and\n    overrun a buffer. \n\n3. The master key supplied to an SSL3 server could be oversized and\n    overrun a stack-based buffer. This issues only affects OpenSSL\n    0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nExploits\n--------\n\nThere are no known exploits for this vulnerability. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "5364",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "5353",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "5361",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#561275",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173",
        "trust": 0.7
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2002:513",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.0",
        "trust": 0.6
      },
      {
        "db": "CALDERA",
        "id": "CSSA-2002-033.1",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2002:046",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "CA-2002-23",
        "trust": 0.6
      },
      {
        "db": "FREEBSD",
        "id": "FREEBSD-SA-02:33",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169647",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "id": "VAR-200208-0243",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      }
    ],
    "trust": 0.38947368000000004
  },
  "last_update_date": "2023-12-18T11:06:11.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "secadv_20020730",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20020730.txt"
      },
      {
        "title": "#37",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
      },
      {
        "title": "RHSA-2002:155",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2002-155.html"
      },
      {
        "title": "46424",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
      },
      {
        "title": "ISC Information for VU#308891",
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/jsha-5csm74"
      },
      {
        "title": "RHSA-2002:155",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-155j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/5364"
      },
      {
        "trust": 2.5,
        "url": "http://www.cert.org/advisories/ca-2002-23.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/308891"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/5353"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/5361"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0655"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0655"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/securitypatch"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120139"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=120141"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
      },
      {
        "trust": 0.1,
        "url": "http://www.neohapsis.com/)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
      },
      {
        "trust": 0.1,
        "url": "http://www.thebunker.net/)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20020730.txt"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "BID",
        "id": "5364"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "date": "2002-07-30T12:12:12",
        "db": "PACKETSTORM",
        "id": "169647"
      },
      {
        "date": "2002-08-12T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "date": "2002-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#561275"
      },
      {
        "date": "2002-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#308891"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5046"
      },
      {
        "date": "2015-03-19T08:28:00",
        "db": "BID",
        "id": "5364"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000171"
      },
      {
        "date": "2008-09-10T19:12:39.993000",
        "db": "NVD",
        "id": "CVE-2002-0655"
      },
      {
        "date": "2006-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#561275"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200208-173"
      }
    ],
    "trust": 0.9
  }
}

var-200110-0196
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/

Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project.

SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)

Vulnerability

A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0196",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks.  Three of the vulnerabilities are denials of service,\n    but the other is a buffer overflow that is expected to create\n    remote unauthorized access vulnerabilities in other applications. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project. \n\n\nSSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)\n========================================================\n\nVulnerability\n-------------\n\nA buffer overflow was discovered in the SSL_get_shared_ciphers()\nutility function.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200110-0196",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-07-22T21:24:42.970000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.9,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0280
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00967144 Version: 1

HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-04-12 Last Updated: 2007-04-12

Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRiUNQ+AfOvwtKn1ZEQLdQgCdEpF7dyJMCx0S6FBh8zEs/1hrKIcAnjB3 gP3DWRATNULxgPyX4sSP1HEm =/EIA -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 0.9.8d >= 0.9.8d *>= 0.9.7l

Description

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.

Impact

An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. An attacker could also consume CPU and/or memory by exploiting the Denial of Service vulnerabilities. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0280",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-04-12\nLast Updated: 2007-04-12\n\nPotential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRiUNQ+AfOvwtKn1ZEQLdQgCdEpF7dyJMCx0S6FBh8zEs/1hrKIcAnjB3\ngP3DWRATNULxgPyX4sSP1HEm\n=/EIA\n-----END PGP SIGNATURE-----\n. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8d                          \u003e= 0.9.8d\n                                                            *\u003e= 0.9.7l\n\nDescription\n===========\n\nTavis Ormandy and Will Drewry, both of the Google Security Team,\ndiscovered that the SSL_get_shared_ciphers() function contains a buffer\noverflow vulnerability, and that the SSLv2 client code contains a flaw\nleading to a crash. Additionally Dr. Stephen N. Henson found that the\nASN.1 handler contains two Denial of Service vulnerabilities: while\nparsing an invalid ASN.1 structure and while handling certain types of\npublic key. \n\nImpact\n======\n\nAn attacker could trigger the buffer overflow vulnerability by sending\na malicious suite of ciphers to an application using the vulnerable\nfunction, and thus execute arbitrary code with the rights of the user\nrunning the application. An attacker could also consume CPU and/or\nmemory by exploiting the Denial of Service vulnerabilities. Finally a\nmalicious server could crash a SSLv2 client through the SSLv2\nvulnerability. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200110-0280",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-12T22:29:21.955000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-533"
      }
    ],
    "trust": 0.6
  }
}

var-201410-0371
Vulnerability from variot

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04540692

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04540692 Version: 1

HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-01-13 Last Updated: 2015-01-13

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information.

References:

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 SSRT101739 SSRT101868

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OneView versions prior to 1.20

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software update to resolve the vulnerabilities in HP OneView.

Existing users may upgrade to HP OneView version 1.20 using the Update Appliance feature in HP OneView.

HP OneView version 1.20 is available from the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =Z7550-63180

Note: The upgrade (.bin) or a new install (.ova) is also available:

An HP Passport login is required.

Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView.

HISTORY Version:1 (rev.1) - 13 January 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Summary

VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues. Relevant Releases

VMware Workstation 10.x prior to version 10.0.5

VMware Player 6.x prior to version 6.0.5

VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5

vCenter Server 5.5 prior to Update 2d

ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG

  1. Problem Description

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

  VMware ESXi, Workstation, Player and Fusion contain an arbitrary 
  file write issue. Exploitation this issue may allow for privilege
  escalation on the host.

  The vulnerability does not allow for privilege escalation from 
  the guest Operating System to the host or vice-versa. This means
  that host memory can not be manipulated from the Guest Operating
  System.

  Mitigation

  For ESXi to be affected, permissions must have been added to ESXi
  (or a vCenter Server managing it) for a virtual machine 
  administrator role or greater.

  VMware would like to thank Shanon Olsson for reporting this issue to
  us through JPCERT.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2014-8370 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       6.0.5

  ESXi           5.5        ESXi      ESXi550-201403102-SG
  ESXi           5.1        ESXi      ESXi510-201404101-SG 
  ESXi           5.0        ESXi      ESXi500-201405101-SG

b. VMware Workstation, Player, and Fusion Denial of Service vulnerability

  VMware Workstation, Player, and Fusion contain an input validation 
  issue in the Host Guest File System (HGFS). This issue may allow
  for a Denial of Service of the Guest Operating system.

  VMware would like to thank Peter Kamensky from Digital Security for 
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1043 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       7.0.1
  Fusion         6.x        any       6.0.5

c. VMware ESXi, Workstation, and Player Denial of Service vulnerability

  VMware ESXi, Workstation, and Player contain an input
  validation issue in VMware Authorization process (vmware-authd). 
  This issue may allow for a Denial of Service of the host. On 
  VMware ESXi and on Workstation running on Linux the Denial of
  Service would be partial.

  VMware would like to thank Dmitry Yudin @ret5et for reporting
  this issue to us through HP's Zero Day Initiative.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1044 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       not affected

  ESXi           5.5        ESXi      ESXi550-201501101-SG
  ESXi           5.1        ESXi      ESXi510-201410101-SG
  ESXi           5.0        ESXi      not affected

d. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-3513, CVE-2014-3567, 
  CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  vCenter Server 5.5        any       Update 2d*
  vCenter Server 5.1        any       patch pending
  vCenter Server 5.0        any       patch pending

  ESXi           5.5        ESXi      ESXi550-201501101-SG       
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

  * The VMware vCenter 5.5 SSO component will be 
    updated in a later release

e. Update to ESXi libxml2 package

  The libxml2 library is updated to version libxml2-2.7.6-17
  to resolve a security issue.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2014-3660 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  ESXi           5.5        ESXi      ESXi550-201501101-SG     
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending
  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workstation 10.x

https://www.vmware.com/go/downloadworkstation

VMware Player 6.x

https://www.vmware.com/go/downloadplayer

VMware Fusion 7.x and 6.x

https://www.vmware.com/go/downloadplayer

vCenter Server

Downloads and Documentation: https://www.vmware.com/go/download-vsphere

ESXi 5.5 Update 2d

File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

ESXi 5.5

File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG

ESXi 5.1

File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG

ESXi 5.0

File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG

  1. Change log

2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2015 VMware Inc. All rights reserved. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. 

This update adds support for Fallback SCSV to mitigate this issue.

CVE-2014-3568

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u13.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1j-1.

We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1652-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1652.html Issue date: 2014-10-16 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================

  1. Summary:

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)

A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.2.ppc.rpm openssl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.2.s390.rpm openssl-1.0.1e-30.el6_6.2.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-devel-1.0.1e-30.el6_6.2.s390.rpm openssl-devel-1.0.1e-30.el6_6.2.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-static-1.0.1e-30.el6_6.2.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-perl-1.0.1e-30.el6_6.2.s390x.rpm openssl-static-1.0.1e-30.el6_6.2.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.6.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-devel-1.0.1e-34.el7_0.6.s390.rpm openssl-devel-1.0.1e-34.el7_0.6.s390x.rpm openssl-libs-1.0.1e-34.el7_0.6.s390.rpm openssl-libs-1.0.1e-34.el7_0.6.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-static-1.0.1e-34.el7_0.6.ppc.rpm openssl-static-1.0.1e-34.el7_0.6.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-perl-1.0.1e-34.el7_0.6.s390x.rpm openssl-static-1.0.1e-34.el7_0.6.s390.rpm openssl-static-1.0.1e-34.el7_0.6.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-3513.html https://www.redhat.com/security/data/cve/CVE-2014-3567.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz qY686VXQQ02SLq5vTvKfuHk= =McEc -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0371",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5820"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "mcp r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msr3000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sle client tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "r5203p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2"
      },
      {
        "model": "f5000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr1000 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "msr9xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.0"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r15xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "switch series r5319p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3610"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "msr1000 russian version r2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "a6600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "u200s and cs f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "f1000-a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6602 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "f1000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "msr93x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r1104",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1620"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "u200s and cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "f1000-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48000"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "msr50-g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "msr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "a6600 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9500e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "switch series r1118p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5830"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "sle client tools for x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "msr30 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "msr50-g2 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "msr1000 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000 f3210p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6800 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "msr3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5800"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "hi switch series r5501p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "secblade iii r3820p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "u200a and m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "msr20-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r1105",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1920"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "r11xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "si switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-48"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "9500e r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-s r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "a6600 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6602",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "msr30-16 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000-c r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "hsr6800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "msr50 g2 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sle client tools for s390x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "msr30-16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "msr30-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "switch series r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v2"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r15xx r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "msr4000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr50 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "msr30-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "msr50 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "switch series r6708p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7500"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4800"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "f1000-e r3181p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "msr9xx r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "4510g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r11xx r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "wx5002/5004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-16 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msr50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "f1000-a r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "hsr6602 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6800 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "4210g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "f5000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "msr20-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera cargo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "si switch series r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "r2507p34",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "f1000-s r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "msr20-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "secblade ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "msr20 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secblade fw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u200a and m f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "switch series (comware r1208p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-3513",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3513",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3513",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3513",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04540692\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04540692\nVersion: 1\n\nHPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service\n(DoS), Unauthorized Access, and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-13\nLast Updated: 2015-01-13\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OneView\nrunning OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock)\ncould be exploited remotely to create a Denial of Service (DoS), allow\nunauthorized access, or disclose information. \n\nReferences:\n\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nSSRT101739\nSSRT101868\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OneView versions prior to 1.20\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2014-6271    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-6277    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-6278    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7169    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7186    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7187    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerabilities\nin HP OneView. \n\nExisting users may upgrade to HP OneView version 1.20 using the Update\nAppliance feature in HP OneView. \n\nHP OneView version 1.20 is available from the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=Z7550-63180\n\nNote: The upgrade (.bin) or a new install (.ova) is also available:\n\nAn HP Passport login is required. \n\nGo to the HP Software Depot site at http://www.software.hp.com and search for\nHP OneView. \n\nHISTORY\nVersion:1 (rev.1) - 13 January 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Summary\n\n   VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n   several security issues. Relevant Releases\n\n   VMware Workstation 10.x prior to version 10.0.5\n  \n   VMware Player 6.x prior to version 6.0.5\n\n   VMware Fusion 7.x prior to version 7.0.1\n   VMware Fusion 6.x prior to version 6.0.5\n\n   vCenter Server 5.5 prior to Update 2d\n\n   ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n   ESXi 5.1 without patch ESXi510-201404101-SG\n   ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n   a. VMware ESXi, Workstation, Player, and Fusion host privilege\n      escalation vulnerability\n\n      VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n      file write issue. Exploitation this issue may allow for privilege\n      escalation on the host. \n\n      The vulnerability does not allow for privilege escalation from \n      the guest Operating System to the host or vice-versa. This means\n      that host memory can not be manipulated from the Guest Operating\n      System. \n\n      Mitigation\n      \n      For ESXi to be affected, permissions must have been added to ESXi\n      (or a vCenter Server managing it) for a virtual machine \n      administrator role or greater. \n\n      VMware would like to thank Shanon Olsson for reporting this issue to\n      us through JPCERT. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-8370 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       6.0.5\n\n      ESXi           5.5        ESXi      ESXi550-201403102-SG\n      ESXi           5.1        ESXi      ESXi510-201404101-SG \n      ESXi           5.0        ESXi      ESXi500-201405101-SG\n\n   b. VMware Workstation, Player, and Fusion Denial of Service \n      vulnerability\n\n      VMware Workstation, Player, and Fusion contain an input validation \n      issue in the Host Guest File System (HGFS). This issue may allow\n      for a Denial of Service of the Guest Operating system. \n\n      VMware would like to thank Peter Kamensky from Digital Security for \n      reporting this issue to us. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1043 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       7.0.1\n      Fusion         6.x        any       6.0.5\n\n   c. VMware ESXi, Workstation, and Player Denial of Service \n      vulnerability\n\n      VMware ESXi, Workstation, and Player contain an input\n      validation issue in VMware Authorization process (vmware-authd). \n      This issue may allow for a Denial of Service of the host. On \n      VMware ESXi and on Workstation running on Linux the Denial of\n      Service would be partial. \n\n      VMware would like to thank Dmitry Yudin @ret5et for reporting\n      this issue to us through HP\u0027s Zero Day Initiative. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1044 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       not affected\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG\n      ESXi           5.1        ESXi      ESXi510-201410101-SG\n      ESXi           5.0        ESXi      not affected\n\n   d. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-3513, CVE-2014-3567, \n      CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      vCenter Server 5.5        any       Update 2d*\n      vCenter Server 5.1        any       patch pending\n      vCenter Server 5.0        any       patch pending\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG       \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n\n      * The VMware vCenter 5.5 SSO component will be \n        updated in a later release\n  \n   e. Update to ESXi libxml2 package\n\n      The libxml2 library is updated to version libxml2-2.7.6-17\n      to resolve a security issue. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2014-3660 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      ESXi           5.5        ESXi      ESXi550-201501101-SG     \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n     \n4. Solution\n\n   Please review the patch/release notes for your product and \n   version and verify the checksum of your downloaded file. \n\n   VMware Workstation 10.x\n   -------------------------------- \n   https://www.vmware.com/go/downloadworkstation \n\n   VMware Player 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   VMware Fusion 7.x and 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   vCenter Server\n   ----------------------------\n   Downloads and Documentation: \n   https://www.vmware.com/go/download-vsphere \n\n   ESXi 5.5 Update 2d\n   ----------------------------\n   File: update-from-esxi5.5-5.5_update01.zip\n   md5sum: 5773844efc7d8e43135de46801d6ea25\n   sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n   http://kb.vmware.com/kb/2065832\n   update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n   ESXi 5.5\n   ----------------------------\n   File: ESXi550-201501001.zip\n   md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n   sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n   http://kb.vmware.com/kb/2099265\n   ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n   ESXi 5.1\n   ----------------------------\n   File: ESXi510-201404001.zip\n   md5sum: 9dc3c9538de4451244a2b62d247e52c4\n   sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n   http://kb.vmware.com/kb/2070666\n   ESXi510-201404001 contains ESXi510-201404101-SG\n\n   ESXi 5.0\n   ----------------------------\n   File: ESXi500-201405001.zip\n   md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n   sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n   http://kb.vmware.com/kb/2075521\n   ESXi500-201405001 contains  ESXi500-201405101-SG\n   \n5. Change log\n\n   2015-01-27 VMSA-2015-0001\n   Initial security advisory in conjunction with the release of VMware\n   Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n   and, ESXi 5.5 Patches released on 2015-01-27. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   Consolidated list of VMware Security Advisories\n   http://kb.vmware.com/kb/2078735\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2015 VMware Inc.  All rights reserved. This flaw allows a man-in-the-middle (MITM)\n    attacker to decrypt a selected byte of a cipher text in as few as 256\n    tries if they are able to force a victim application to repeatedly send\n    the same data over newly created SSL 3.0 connections. \n\n    This update adds support for Fallback SCSV to mitigate this issue. \n\nCVE-2014-3568\n\n    When OpenSSL is configured with \"no-ssl3\" as a build option, servers\n    could accept and complete a SSL 3.0 handshake, and clients could be\n    configured to send them. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:1652-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1652.html\nIssue date:        2014-10-16\nCVE Names:         CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3513.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3567.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz\nqY686VXQQ02SLq5vTvKfuHk=\n=McEc\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "61439",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61837",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61298",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031052",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70584",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70585",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132082",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128706",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "id": "VAR-201410-0371",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.395238084
  },
  "last_update_date": "2024-07-23T21:06:25.896000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2385-1"
      },
      {
        "title": "Red Hat: CVE-2014-3513",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3513"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2385-1"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61298"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61439"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70584"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031052"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61837"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=2b0532f3984324ebe1236a63d15893792384328d"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689332"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688762"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2015/jan/108"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.3,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2385-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://www.software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-0c9e74c0cd5a48b4a537e63427"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-a7973a3813bf47d8afdb053b58"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-b41f3bc307ee43d39a172d249f"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-0d22e1c193434997889fa62736"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_00eb9ac82e864"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_34bcab41ac7e4"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2078735"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070666"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2075521"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065832"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadplayer"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadworkstation"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2099265"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vsphere"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3513.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3567.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1232123"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2015-01-14T03:51:42",
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "date": "2015-02-26T17:12:16",
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "date": "2015-05-29T23:37:23",
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "date": "2015-01-28T18:22:00",
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-05-29T23:37:04",
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "date": "2014-10-17T14:50:20",
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "date": "2014-10-17T00:03:21",
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "date": "2014-10-19T01:55:13.887000",
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2023-11-07T02:20:11.097000",
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u0027no-ssl3\u0027 Build Option Security Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  }
}

var-200609-0837
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:207 http://www.mandriva.com/security/

Package : bind Date : November 14, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3.

You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445

Updated Packages:

Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE-----

. ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: OpenOffice.org 2 Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38567

VERIFY ADVISORY: http://secunia.com/advisories/38567/

DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.

For more information: SA38568

SOLUTION: Upgrade to version 3.2.

ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html

OTHER REFERENCES: SA38568: http://secunia.com/advisories/38568/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0837",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com\u203bVicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es\u203bAlexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#594904",
            "trust": 0.8,
            "value": "0.63"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-044",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:207\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : bind\n Date    : November 14, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n The BIND DNS server is vulnerable to the recently-discovered OpenSSL\n RSA signature verification problem (CVE-2006-4339).  BIND uses RSA\n cryptography as part of its DNSSEC implementation.  As a result, to\n resolve the security issue, these packages need to be upgraded and for\n both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to\n be generated using the \"-e\" option of dnssec-keygen, if the current\n keys were generated using the default exponent of 3. \n\n You are able to determine if your keys are vulnerable by looking at the\n algorithm (1 or 5) and the first three characters of the Base64 encoded\n RSA key.  RSAMD5 (1) and RSASHA1 (5) keys that start with \"AQM\", \"AQN\",\n \"AQO\", or \"AQP\" are vulnerable. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 1035f92172986ed63ca035de0603a0fd  2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm\n 4f5949d85f13c68220f4f5f030f63849  2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm\n f201e05548b673268038e95225451085  2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 83b6c31bef9e4df229e2fe5cf8c3aa2a  2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm\n fb03e9a493645041816c206267a052f4  2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm\n f54babadfba3ec593563724208df1eaa  2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm \n 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 6c282a7b5c3cfec534e2557926005bbf  2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm\n 03390448f140777d62cdd76e50361526  2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm\n 7546dc98ff5e8061636a3a75d6b318fb  2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n c190d522505a16aa97891f525e0034a4  2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm\n 594cacdac86db81b0c62a7380c6a3a2d  2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm\n e827e65717615868896e43bcb4856f2d  2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm \n 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n fa096b2fac1840797e382ba61728d47e  corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm\n 0f1e56f1f3a2689443c04b52d8ce5545  corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm\n 99bf1f4127e97b8941b597aa5e19aa0a  corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n e74bea44aee406d11c87227584790c26  corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm\n b108edf227b55f3af3ab55b48c23a62a  corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm\n ba548cbba992f479ad40ecf0808f36cb  corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm \n 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm\n\n Corporate 4.0:\n 8bfc97510d4f07568d64c9b9872b4bba  corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm\n dda709703f8bf05f1ff59ae6132a81a7  corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm\n daf59d23abaaaf62c990d2fa1155688c  corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 3d1bbe1e7d4f2de6e546996e181a16b0  corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm\n c1b8467d62623ef5daf35a696ab2389e  corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm\n 83cf57110f107c450aaac5931ee52ecb  corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm \n ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n abd228e7f0b762ae8c11c8ecd90200c2  mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm\n dd7b0785e31880a09d10957695c0552d  mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm\n 0a2052e5f263b8b8d94111a581928c57  mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm \n eff2c78779b4285783ffea14e6e33c31  mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z\n6faoicEmIFqGW4QuEVIhCbU=\n=bI0u\n-----END PGP SIGNATURE-----\n\n. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org 2 Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38567\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38567/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to bypass certain security\nrestrictions, conduct spoofing attacks, or compromise a user\u0027s\nsystem. \n\nFor more information:\nSA38568\n\nSOLUTION:\nUpgrade to version 3.2. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2006-4339.html\nhttp://www.openoffice.org/security/cves/CVE-2009-0217.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2949.html\nhttp://www.openoffice.org/security/cves/CVE-2009-2950.html\nhttp://www.openoffice.org/security/cves/CVE-2009-3301-3302.html\n\nOTHER REFERENCES:\nSA38568:\nhttp://secunia.com/advisories/38568/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1017143",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22646",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "52186",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86234",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200609-0837",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-05-17T22:22:44.985000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OOo_3.2.1_Win_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3189"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3193"
      },
      {
        "title": "OOo_3.2.0_Linux_x86-64_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3192"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-deb_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3191"
      },
      {
        "title": "OOo_3.2.0_Solaris_x86_install-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3195"
      },
      {
        "title": "OOo_3.2.1_Linux_x86_install-rpm-wJRE_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3190"
      },
      {
        "title": "OOo_3.2.0_MacOS_x86_install_zh-CN",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3194"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.4,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/software/products/appsrvr/index.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=438cfb75"
      },
      {
        "trust": 0.8,
        "url": "http://www.sun.com/download/products.xml?id=43a84f89"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/pki/nss/"
      },
      {
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1 "
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/ssl"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/4299 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1017143 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22646 "
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-0217.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38568/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-3301-3302.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2950.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-2949.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38567/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2006-11-16T16:32:32",
        "db": "PACKETSTORM",
        "id": "52186"
      },
      {
        "date": "2010-02-12T13:01:15",
        "db": "PACKETSTORM",
        "id": "86234"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#594904"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-044"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0485
Vulnerability from variot

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only applied to Ubuntu 15.10. (CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. (CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

  1. Summary:

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier.

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0485",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.10"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.4"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.17"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.62"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "10.1-release-p25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "icewall sso certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.35",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.13",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Stephen Henson of the OpenSSL development team",
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3196",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3196",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3196",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-076",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3196",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only\napplied to Ubuntu 15.10. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. \n\nCertificate verify crash with missing PSS parameter (CVE-2015-3194)\n===================================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer dereference\nif presented with an ASN.1 signature using the RSA PSS algorithm and absent\nmask generation function parameter. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "78622",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "id": "VAR-201512-0485",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43503637333333334
  },
  "last_update_date": "2024-07-23T21:00:45.295000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "Fix PSK handling.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "title": "Race condition handling PSK identify hint (CVE-2015-3196)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58938"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3196",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3196"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 2.1,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78622"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288326"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/dec/23"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981612"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42531"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2015-12-07T16:36:58",
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2015-12-14T16:39:59",
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2015-12-06T20:59:06.913000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2016-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2023-11-07T02:25:31.830000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/s3_clnt.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.6
  }
}

var-201408-0094
Vulnerability from variot

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04426586 Version: 1

HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-09-12 Last Updated: 2014-09-12

Potential Security Impact: Remote Denial of Service (DoS), disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.

References:

CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)

SSRT101686

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL. 

HP SSL Version 1.4-493 for OpenVMS is available from the following

location:

    http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

HISTORY Version:1 (rev.1) - 12 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:

The References section of this erratum contains a download link (you must log in to download the update).

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0094",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78550"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78450"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78350"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78300"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75560"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75450"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75350"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75300"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75250"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72250"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72200"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "66550"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58750"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58550"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58450"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57550"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57450"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57400"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57350"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93030"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93020"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93010"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "89000"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "87000"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7970072.200.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855072.040.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845072.040.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835072.010.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830072.010.134.32804"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7556061.121.225.06100"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7545061.121.225.06100"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7535061.121.225.06100"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7530061.121.225.06100"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7525061.121.225.06100"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225072.030.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220072.030.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655072.060.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5875072.060.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855072.060.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845072.060.134.32804"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755061.132.224.35203"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745061.132.224.35203"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740061.132.224.35203"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735061.132.224.35203"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3655072.060.134.32804"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303072.180.134.32804"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302072.180.134.32804"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301072.180.134.32804"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900072.161.134.32804"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700072.161.134.32804"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "contact optimization",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "campaign",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "and Wan-Teh Chang (Google).,Adam Langley",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-3505",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-3505",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3505",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-126",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3505",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3505    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3506    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3507    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3510    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n    HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n        http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2014:1052-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date:        2014-08-13\nCVE Names:         CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n                   CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n                   CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      },
      {
        "db": "BID",
        "id": "69081"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3505",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "69081",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "61250",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60778",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61040",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60824",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3505",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128248",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128297",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "BID",
        "id": "69081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "id": "VAR-201408-0094",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-04T20:22:30.174000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1i",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696"
      },
      {
        "title": "openssl-1.0.0n",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695"
      },
      {
        "title": "openssl-0.9.8zb",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60824"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69081"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61250"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61040"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60778"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59743"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182784"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "BID",
        "id": "69081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "db": "BID",
        "id": "69081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69081"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-09-15T17:53:34",
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "date": "2014-08-14T02:24:57",
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2014-09-17T20:46:27",
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "date": "2014-08-13T23:55:07.343000",
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3505"
      },
      {
        "date": "2016-07-26T23:00:00",
        "db": "BID",
        "id": "69081"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      },
      {
        "date": "2023-11-07T02:20:09.627000",
        "db": "NVD",
        "id": "CVE-2014-3505"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL DTLS Double release vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-126"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69081"
      }
    ],
    "trust": 0.3
  }
}

var-200311-0090
Vulnerability from variot

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

Vulnerabilities

  1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

  3. Exploitation of an affected application would result in a denial of service vulnerability.

  4. This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200311-0090",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security ab",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cray",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "novell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stunnel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tawie server linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "1.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "cobalt qube3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 platform edition update 2"
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 standard edition update 2"
      },
      {
        "model": "java system directory server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4.1 sp13"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.0 sp6"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.1"
      },
      {
        "model": "linux 5.0",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "turbolinux advanced server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.1"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.0"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "esx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.05257"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.11"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.10"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.01"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1x86"
      },
      {
        "model": "one directory server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.1"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat high availability",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.1"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.8.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.6.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.8"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.7"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ipsec express toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.4"
      },
      {
        "model": "gpl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "1.0"
      },
      {
        "model": "express beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "2.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.2.1"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.5"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.1"
      },
      {
        "model": "nsure audit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.1"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "5.1"
      },
      {
        "model": "netmail e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.1"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0.2"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "ichain server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "groupwise webaccess sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "groupwise internet agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5.1"
      },
      {
        "model": "groupwise sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "8.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "rational rose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2000"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.28"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.26"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.19"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.2"
      },
      {
        "model": "hp-ux aaa server a.06.01.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "wbem services for hp-ux a.01.05.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "isman",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "firepass",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.3"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.1"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.3"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.0.1"
      },
      {
        "model": "open software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cray",
        "version": "3.4"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sn storage router sn5428-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2.5.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure policy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "520"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "515"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "ciscoworks hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software next generation fp3 hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "3.0"
      },
      {
        "model": "firewall server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "borderware",
        "version": "7.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "solaris 8 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one web server sp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp14",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 upgrade standard",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 upgrade platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.2"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.9"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4.1"
      },
      {
        "model": "os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.5"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.3"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.2"
      },
      {
        "model": "netmail f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "imanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.5"
      },
      {
        "model": "edirectory su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "hp-ux aaa server a.06.01.02.04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem services for hp-ux a.01.05.07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0544",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0544",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.8,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0544",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#104280",
            "trust": 0.8,
            "value": "11.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#732952",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#686224",
            "trust": 0.8,
            "value": "1.50"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#935264",
            "trust": 0.8,
            "value": "21.52"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#380864",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#255484",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200311-040",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations.  The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages.  This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      }
    ],
    "trust": 6.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#380864",
        "trust": 3.5
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "8732",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3900",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "22249",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "13316",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "CA-2003-26",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:291",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:292",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "201029",
        "trust": 0.6
      },
      {
        "db": "ENGARDE",
        "id": "ESA-20030930-027",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "43041",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-394",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-393",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:4574",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "31738",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "id": "VAR-200311-0090",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-29T19:39:34.176000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "HPSBUX00288",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
      },
      {
        "title": "HPSBUX00290",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00901847"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
      },
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "secadv_20030930",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-292.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-291.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-1"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-1"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-3"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-3"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-3"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-3"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-55.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/031210_62/top.html"
      },
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-291j.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-293j.html"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-55j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.1,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
      },
      {
        "trust": 4.8,
        "url": "http://www.ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 4.0,
        "url": "http://wp.netscape.com/eng/ssl3/"
      },
      {
        "trust": 4.0,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 3.9,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "trust": 3.2,
        "url": "http://www.ietf.org/html.charters/pkix-charter.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/380864"
      },
      {
        "trust": 1.9,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-291.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-394"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-393"
      },
      {
        "trust": 1.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
      },
      {
        "trust": 1.6,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/8732"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22249"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/686224"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/732952"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3900"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4574"
      },
      {
        "trust": 0.9,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/pkcs/"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0544"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/advisories/default.aspx?id=br-20031104-00633.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/13316"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0544"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00748.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/104280"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/43041"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3900"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4574"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/swupdates/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/esx/esx2-openssh.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/products/firewall.php"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/gsx_security.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
      },
      {
        "trust": 0.3,
        "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
      },
      {
        "trust": 0.3,
        "url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3040.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-331.php"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/security-alerts/"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3041.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/476/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/477/"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/patches/linux/security.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-08.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/255484"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/935264"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/343055"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "date": "2003-09-30T16:10:22",
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "date": "2003-11-17T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2016-07-06T14:32:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "date": "2010-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "date": "2018-05-03T01:29:00",
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in SSL/TLS implementations",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.9
  }
}

var-200110-0179
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/

Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. (CVE-2006-4343)

Updated packages are patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0179",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. This could be used by an attacker in a denial of service\n attack. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 5.13
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200110-0179",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-05-22T21:09:20.229000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-201605-0037
Vulnerability from variot

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h OpenSSL versions 1.0.1 prior to 1.0.1t. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2016-2105 - Remote Denial of Service (DoS)
  • CVE-2016-2106 - Remote Denial of Service (DoS)
  • CVE-2016-2107 - Remote disclosure of sensitive information
  • CVE-2016-2108 - Remote Denial of Service (DoS)
  • CVE-2016-2109 - Remote Denial of Service (DoS)
  • CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 10500 (Comware 7) - Version: R7184
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5900/5920 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR1000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR2000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR3000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR4000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • VSR (Comware 7) - Version: E0324
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7900 (Comware 7) - Version: R2152
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130 (Comware 7) - Version: R3115
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6125XLG - Version: R2422P02
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6127XLG - Version: R2422P02
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • Moonshot - Version: R2432
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5700 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5930 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 1950 (Comware 7) - Version: R3115
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7500 (Comware 7) - Version: R7184
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5510HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5940 - Version: R2509
    • HP Network Products
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5950 - Version: R6123
    • HP Network Products
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch
  • 12900E (Comware 7) - Version: R2609
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

iMC Products

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176
  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBCAAGBQJZNbF9AAoJELXhAxt7SZaiCmsH/373hRDLNeYxIUxMYvltF6m4 B8gU5WH4mos1K7St+PHPsGdDNop/MxjtLHFEyDkweGUIycA3saZzvf5v8T5BfY3Y ssa38vZUde1mC8RfIUKAcwo0xLqniZ5BU1fpG3bs+8qVafA7gr0i7mMvK+1M19cv dTkbirrP7fQ+2HGNpV3fQlvN3nz0KWI8OWBfFyWtWnYvt1rrzPJyWk08iMsFWUwC gYzNV38AzPPHcB7UeTnbOegL+nC3kM3VkDzhhs2pL15/ZRSlAv6I1tgcuA6YRVhQ wMFX9+LdSuLtDA2idUGgRhTe7lyNApUN0LRJ3nPzIcYXTlRYg3m5fkfmu1Q5KdM= =xlHZ -----END PGP SIGNATURE----- .

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-3566-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini May 03, 2016 https://www.debian.org/security/faq

Package : openssl CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. This could lead to a heap corruption. This could lead to a heap corruption.

CVE-2016-2107

Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
implementation based on the AES-NI instruction set. This could allow
an attacker to decrypt TLS traffic encrypted with one of the cipher
suites based on AES CBC.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.

In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug.

However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.

Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.

Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.

OpenSSL 1.0.2 users should upgrade to 1.0.2c OpenSSL 1.0.1 users should upgrade to 1.0.1o

This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.

The fix for the "negative zero" memory corruption bug can be identified by commits

3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)

Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.

This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team.

EVP_EncodeUpdate overflow (CVE-2016-2105)

Severity: Low

An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption.

Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio family of functions. These are mainly used within the OpenSSL command line applications. These internal uses are not considered vulnerable because all calls are bounded with length checks so no overflow is possible. User applications that call these APIs directly with large amounts of untrusted data may be vulnerable. (Note: Initial analysis suggested that the PEM_write_bio were vulnerable, and this is reflected in the patch commit message. This is no longer believed to be the case).

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

EVP_EncryptUpdate overflow (CVE-2016-2106)

Severity: Low

An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls this function directly.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Severity: Low

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.

Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are not affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team.

EBCDIC overread (CVE-2016-2176)

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.

OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160503.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0037",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "16.x"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "commerce guided search / oracle commerce experience manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6.5.0"
      },
      {
        "model": "primavera p6 professional project management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.2"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.6.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.216"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.6"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "cognos insight fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.15"
      },
      {
        "model": "tivoli netcool system service monitors fp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "buildforge",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12150-12"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.7"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.7.0"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.6"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.3"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.12"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "cognos tm1 fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "rational tau interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.2"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "meetingplace",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.1"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.9"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.4"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12150-13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.126"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guido Vranken",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2176",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-2176",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-2176",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2176",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-084",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2176",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h\nOpenSSL versions 1.0.1 prior to 1.0.1t. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZNbF9AAoJELXhAxt7SZaiCmsH/373hRDLNeYxIUxMYvltF6m4\nB8gU5WH4mos1K7St+PHPsGdDNop/MxjtLHFEyDkweGUIycA3saZzvf5v8T5BfY3Y\nssa38vZUde1mC8RfIUKAcwo0xLqniZ5BU1fpG3bs+8qVafA7gr0i7mMvK+1M19cv\ndTkbirrP7fQ+2HGNpV3fQlvN3nz0KWI8OWBfFyWtWnYvt1rrzPJyWk08iMsFWUwC\ngYzNV38AzPPHcB7UeTnbOegL+nC3kM3VkDzhhs2pL15/ZRSlAv6I1tgcuA6YRVhQ\nwMFX9+LdSuLtDA2idUGgRhTe7lyNApUN0LRJ3nPzIcYXTlRYg3m5fkfmu1Q5KdM=\n=xlHZ\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3566-1                   security@debian.org\nhttps://www.debian.org/security/                       Alessandro Ghedini\nMay 03, 2016                          https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : openssl\nCVE ID         : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n                 CVE-2016-2109 CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit. This could lead to a heap corruption. \n    This could lead to a heap corruption. \n\nCVE-2016-2107\n\n    Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n    implementation based on the AES-NI instruction set. This could allow\n    an attacker to decrypt TLS traffic encrypted with one of the cipher\n    suites based on AES CBC. \n\nCVE-2016-2108\n\n    David Benjamin from Google discovered that two separate bugs in the\n    ASN.1 encoder, related to handling of negative zero integer values\n    and large universal tags, could lead to an out-of-bounds write. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. The bug\ncausing the vulnerability was fixed on April 18th 2015, and released\nas part of the June 11th 2015 security releases. The security impact\nof the bug was not known at the time. \n\nIn previous versions of OpenSSL, ASN.1 encoding the value zero\nrepresented as a negative integer can cause a buffer underflow\nwith an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does\nnot normally create \"negative zeroes\" when parsing ASN.1 input, and\ntherefore, an attacker cannot trigger this bug. \n\nHowever, a second, independent bug revealed that the ASN.1 parser\n(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag\nas a negative zero value. Large universal tags are not present in any\ncommon ASN.1 structures (such as X509) but are accepted as part of ANY\nstructures. \n\nTherefore, if an application deserializes untrusted ASN.1 structures\ncontaining an ANY field, and later reserializes them, an attacker may\nbe able to trigger an out-of-bounds write. This has been shown to\ncause memory corruption that is potentially exploitable with some\nmalloc implementations. \n\nApplications that parse and re-encode X509 certificates are known to\nbe vulnerable. Applications that verify RSA signatures on X509\ncertificates may also be vulnerable; however, only certificates with\nvalid signatures trigger ASN.1 re-encoding and hence the\nbug. Specifically, since OpenSSL\u0027s default TLS X509 chain verification\ncode verifies the certificate chain from root to leaf, TLS handshakes\ncould only be targeted with valid certificates issued by trusted\nCertification Authorities. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2c\nOpenSSL 1.0.1 users should upgrade to 1.0.1o\n\nThis vulnerability is a combination of two bugs, neither of which\nindividually has security impact. The first bug (mishandling of\nnegative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala\n(Red Hat) and independently by Hanno B\u00f6ck in April 2015. The second\nissue (mishandling of large universal tags) was found using libFuzzer,\nand reported on the public issue tracker on March 1st 2016. The fact\nthat these two issues combined present a security vulnerability was\nreported by David Benjamin (Google) on March 31st 2016. The fixes were\ndeveloped by Steve Henson of the OpenSSL development team, and David\nBenjamin.  The OpenSSL team would also like to thank Mark Brand and\nIan Beer from the Google Project Zero team for their careful analysis\nof the impact. \n\nThe fix for the \"negative zero\" memory corruption bug can be\nidentified by commits\n\n3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)\nand\n32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)\n\nPadding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n======================================================\n\nSeverity: High\n\nA MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI. \n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team. \n\nEVP_EncodeUpdate overflow (CVE-2016-2105)\n=========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. If an attacker is able to supply very large\namounts of input data then a length check can overflow resulting in a heap\ncorruption. \n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the\nPEM_write_bio* family of functions. These are mainly used within the OpenSSL\ncommand line applications. These internal uses are not considered vulnerable\nbecause all calls are bounded with length checks so no overflow is possible. \nUser applications that call these APIs directly with large amounts of untrusted\ndata may be vulnerable. (Note: Initial analysis suggested that the\nPEM_write_bio* were vulnerable, and this is reflected in the patch commit\nmessage. This is no longer believed to be the case). \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nEVP_EncryptUpdate overflow (CVE-2016-2106)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an attacker is\nable to supply very large amounts of input data after a previous call to\nEVP_EncryptUpdate() with a partial block then a length check can overflow\nresulting in a heap corruption. Following an analysis of all OpenSSL internal\nusage of the EVP_EncryptUpdate() function all usage is one of two forms. \nThe first form is where the EVP_EncryptUpdate() call is known to be the first\ncalled function after an EVP_EncryptInit(), and therefore that specific call\nmust be safe. The second form is where the length passed to EVP_EncryptUpdate()\ncan be seen from the code to be some small value and therefore there is no\npossibility of an overflow. Since all instances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this problem. \nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in\ncertain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been analysed too\nand it is believed there are no instances in internal usage where an overflow\ncould occur. \n\nThis could still represent a security issue for end user code that calls this\nfunction directly. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nASN.1 BIO excessive memory allocation (CVE-2016-2109)\n=====================================================\n\nSeverity: Low\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can casuse allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory. \n\nAny application parsing untrusted data through d2i BIO functions is affected. \nThe memory based functions such as d2i_X509() are *not* affected. Since the\nmemory based functions are used by the TLS library, TLS applications are not\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. \nThe fix was developed by Stephen Henson of the OpenSSL development team. \n\nEBCDIC overread (CVE-2016-2176)\n===============================\n\nSeverity: Low\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. This could result in\narbitrary stack data being returned in the buffer. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160503.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "BID",
        "id": "89746"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2176",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "89746",
        "trust": 2.0
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2176",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169652",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "BID",
        "id": "89746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "id": "VAR-201605-0037",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4305209371428571
  },
  "last_update_date": "2024-07-23T20:35:57.230000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Prevent EBCDIC overread for very long strings",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
      },
      {
        "title": "EBCDIC overread (CVE-2016-2176)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759\u0026actp=search"
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61409"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
      },
      {
        "title": "Red Hat: CVE-2016-2176",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2176"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2176 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/89746"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2176"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986460"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988081"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989958"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992894"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "BID",
        "id": "89746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "db": "BID",
        "id": "89746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89746"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-05-03T22:55:47",
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "date": "2017-07-26T17:44:00",
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-05-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169652"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "date": "2016-05-05T01:59:06.340000",
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2176"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "89746"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      },
      {
        "date": "2023-11-07T02:31:01.193000",
        "db": "NVD",
        "id": "CVE-2016-2176"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/x509/x509_obj.c of  X509_NAME_oneline Vulnerability in function that can retrieve important information from process stack memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002477"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-084"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0445
Vulnerability from variot

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable.

HP Connect IT / HP SPM CIT - 9.5x Please install: HP Connect IT 9.53.P2

For Windows http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070

For Linux http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071

For AIX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072

For HPUX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073

For Solaris http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074

HP Connect IT / HP SPM CIT - 9.4x Please install: HP Connect IT 9.40.P1

For windows(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075

For Linux(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076

For AIX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077

For HPUX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078

For Solaris(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079

HP Connect IT / HP SPM AM 5.2x Please install: HP Connect IT 9.41.P1

HISTORY Version:1 (rev.1) - 19 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

Original advisory details:

J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2232-3 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1332643

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1

Description

Multiple vulnerabilities have been discovered in OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622 Version: 1

HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-06-20 Last Updated: 2014-06-20

Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.

References:

CVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 Remote Unauthorized Access (only iMC impacted) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information SSRT101561 Note: All products listed are impacted by CVE-2014-0224 . iMC is also impacted by CVE-2014-0198 and CVE-2010-5298

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.

Description

The most serious issue reported is CVE-2014-0224 and it is the one discussed here. To take advantage CVE-2014-0224, an attacker must:

be in between the OpenSSL client and OpenSSL server. be capable of intercepting and modifying packets between the OpenSSL client and OpenSSL server in real time.

Workarounds

HP Networking equipment is typically deployed inside firewalls and access to management interfaces and other protocols is more tightly controlled than in public environments. This deployment and security restrictions help to reduce the possibility of an attacker being able to intercept both OpenSSL client and OpenSSL server traffic.

Following the guidelines in the Hardening Comware-based devices can help to further reduce man-in-the-middle opportunities:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536 920

For an HP Networking device acting as an OpenSSL Server, using a patched OpenSSL client or non-OpenSSL client eliminates the risk. As an example, most modern web browsers do not use the OpenSSL client and the sessions between the HP Networking OpenSSL server and the non-OpenSSL client are not at risk for this attack. For HP Networking Equipment that is using an OpenSSL client, patching the OpenSSL server will eliminate the risk of this attack.

Protocol Notes

The following details the protocols that use OpenSSL in Comware v5 and Comware v7:

Comware V7:

Server:

FIPS/HTTPS/Load Balancing/Session Initiation Protocol

Client:

Load Balancing/OpenFlow/Session Initiation Protocol/State Machine Based Anti-Spoofing/Dynamic DNS

Comware V5:

Server:

CAPWAP/EAP/SSLVPN

Client:

Dynamic DNS

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted

12900 Switch Series Fix in progress use mitigations JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

12500 Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

12500 (Comware v7) Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

11900 Switch Series Fix in progress use mitigations JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

10500 Switch Series (Comware v5) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

10500 Switch Series (Comware v7) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

9500E Fix in progress use mitigations JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

Router 8800 Fix in progress use mitigations JC147A HP A8802 Router Chassis JC147B HP 8802 Router Chassis JC148A HP A8805 Router Chassis JC148B HP 8805 Router Chassis JC149A HP A8808 Router Chassis JC149B HP 8808 Router Chassis JC150A HP A8812 Router Chassis JC150B HP 8812 Router Chassis JC141A HP 8802 Main Control Unit Module JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod H3C SR8805 10G Core Router Chassis (0235A0G8) H3C SR8808 10G Core Router Chassis (0235A0G9) H3C SR8812 10G Core Router Chassis (0235A0GA) H3C SR8802 10G Core Router Chassis (0235A0GC) H3C SR8802 10G Core Router Chassis (0235A31B) H3C SR8805 10G Core Router Chassis (0235A31C) H3C SR8808 10G Core Router Chassis (0235A31D) H3C SR8812 10G Core Router Chassis (0235A31E)

7500 Switch Series Fix in progress use mitigations JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

HSR6800 Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6800 Russian Version Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6602 Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

HSR6602 Russian Version Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

A6600 Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

A6600 Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

5920 Switch Series Fix in progress use mitigations JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

5900 Switch Series Fix in progress use mitigations JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

5900 Virtual Switch Fix in progress use mitigations JG814AAE HP Virtual Switch 5900v VMware E-LTU JG815AAE HP VSO SW for 5900v VMware E-LTU

5830 Switch Series Fix in progress use mitigations JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

5820 Switch Series Fix in progress use mitigations JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

5800 Switch Series Fix in progress use mitigations JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

5500 HI Switch Series Fix in progress use mitigations JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

5500 EI Switch Series Fix in progress use mitigations JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

5500 SI Switch Series Fix in progress use mitigations JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

5120 EI Switch Series Fix in progress use mitigations JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

5120 SI switch Series Fix in progress use mitigations JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

4800 G Switch Series Fix in progress use mitigations JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)

4510G Switch Series Fix in progress use mitigations JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)

4210G Switch Series Fix in progress use mitigations JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)

3610 Switch Series Fix in progress use mitigations JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

3600 V2 Switch Series Fix in progress use mitigations JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

3100V2 Fix in progress use mitigations JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

3100V2-48 Fix in progress use mitigations JG315A HP 3100-48 v2 Switch

1910 Fix in progress use mitigations JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293) 3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093) 3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893) 3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93) 3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)

1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch

1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch

MSR20 Fix in progress use mitigations JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)

MSR20-1X Fix in progress use mitigations JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

MSR30 Fix in progress use mitigations JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

MSR30-16 Fix in progress use mitigations JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

MSR30-1X Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

MSR50 Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

MSR50-G2 Fix in progress use mitigations JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

MSR20 Russian version Fix in progress use mitigations JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

MSR20-1X Russian version Fix in progress use mitigations JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

MSR30 Russian version Fix in progress use mitigations JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

MSR30-1X Russian version Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

MSR30-16 Russian version Fix in progress use mitigations JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

MSR50 Russian version Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

MSR50 G2 Russian version Fix in progress use mitigations JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

MSR9XX Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

MSR9XX Russian version Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)

MSR93X Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR93X Russian version Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR1000 Fix in progress use mitigations JG732A HP MSR1003-8 AC Router

MSR2000 Fix in progress use mitigations JG411A HP MSR2003 AC Router

MSR3000 Fix in progress use mitigations JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

MSR4000 Fix in progress use mitigations JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

F5000 Fix in progress use mitigations JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

U200S and CS Fix in progress use mitigations JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

U200A and M Fix in progress use mitigations JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

F1000A and S Fix in progress use mitigations JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance

SecBlade FW Fix in progress use mitigations JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

F1000E Fix in progress use mitigations JD272A HP S1000-E VPN Firewall Appliance

VSR1000 Fix in progress use mitigations JG810AAE HP VSR1001 Virtual Services Router JG811AAE HP VSR1001 Virtual Services Router JG812AAE HP VSR1004 Virtual Services Router JG813AAE HP VSR1008 Virtual Services Router

WX5002/5004 Fix in progress use mitigations JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

HP 850/870 Fix in progress use mitigations JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc

HP 830 Fix in progress use mitigations JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

HP 6000 Fix in progress use mitigations JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point

NGFW Fix in progress use mitigations JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic

iMC UAM 7.0 Fix in progress use mitigations JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

iMC EAD 7.0 Fix in progress use mitigations JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License

iMC PLAT 7.0 Fix in progress use mitigations JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG747AAE HP IMC Standard Software Platform with 50-node E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU JD125A HP IMC Standard Edition Software Platform with 100-node License JD815A HP IMC Standard Edition Software Platform with 100-node License JD816A HP A-IMC Standard Edition Software DVD Media JF377A HP IMC Standard Edition Software Platform with 100-node License JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU TJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL not HPNs) JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU JG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU JD126A HP A-IMC Enterprise Software Platform with 200-node License JD808A HP A-IMC Enterprise Software Platform with 200-node License JD814A HP A-IMC Enterprise Edition Software DVD Media JF378A HP IMC Enterprise Edition Software Platform with 200-node License JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition E-LTU JG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance Software E-LTU

HISTORY Version:1 (rev.1) - 20 June 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq CtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM =CEL7 -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. To obtain the updated firmware, go to www.hp.com and follow these steps:

Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".

Firmware Updates Table

Product Name Model Number Firmware Revision

HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A v 2302963_436067 (or higher)

HP Color LaserJet CP5525 CE707A,CE708A,CE709A v 2302963_436070 (or higher)

HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A v 2302963_436077 (or higher)

HP Color LaserJet M651 CZ255A, CZ256A, CZ257A, CZ258A v 2302963_436073 (or higher)

HP Color LaserJet M680 CZ248A, CZ249A v 2302963_436072 (or higher)

HP Color LaserJet Flow M680 CZ250A, CA251A v 2302963_436072 (or higher)

HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A v 2302963_436081 (or higher)

HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A v 2302963_436069 (or higher)

HP LaserJet Enterprise 600 M601 Series CE989A, CE990A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M602 Series CE991A, CE992A, CE993A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M603 Series CE994A, CE995A, CE996A v 2302963_436082 (or higher)

HP LaserJet Enterprise MFP M630 series B3G84A, B3G85A, B3G86A, J7X28A v 2303714_233000041 (or higher)

HP LaserJet Enterprise 700 color M775 series CC522A, CC523A, CC524A, CF304A v 2302963_436079 (or higher)

HP LaserJet Enterprise 700 M712 series CF235A, CF236A, CF238A v 2302963_436080 (or higher)

HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A v 2302963_436076 (or higher)

HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A v 2302963_436068 (or higher)

HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A v 2302963_436083 (or higher)

HP LaserJet Enterprise color flow MFP M575c CD646A v 2302963_436081 (or higher)

HP LaserJet Enterprise flow M830z MFP CF367A v 2302963_436071 (or higher)

HP LaserJet Enterprise flow MFP M525c CF118A v 2302963_436069 (or higher)

HP LaserJet Enterprise M4555 MFP CE502A,CE503A, CE504A, CE738A v 2302963_436064 (or higher)

HP LaserJet Enterprise M806 CZ244A, CZ245A v 2302963_436075 (or higher)

HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A v 2302963_436078 (or higher)

HP Scanjet Enterprise 8500 Document Capture Workstation L2717A, L2719A v 2302963_436065 (or higher)

OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A v 2302963_436066 (or higher)

OfficeJet Enterprise Color X555 C2S11A, C2S12A v 2302963_436074 (or higher)

HP Color LaserJet CP3525 CC468A, CC469A, CC470A, CC471A v 06.183.1 (or higher)

HP LaserJet M4345 Multifunction Printer CB425A, CB426A, CB427A, CB428A v 48.306.1 (or higher)

HP LaserJet M5025 Multifunction Printer Q7840A v 48.306.1 (or higher)

HP Color LaserJet CM6040 Multifunction Printer Q3938A, Q3939A v 52.256.1 (or higher)

HP Color LaserJet Enterprise CP4525 CC493A, CC494A, CC495A v 07.164.1 (or higher)

HP Color LaserJet Enterprise CP4025 CC489A, CC490A v 07.164.1 (or higher)

HP LaserJet M5035 Multifunction Printer Q7829A, Q7830A, Q7831A v 48.306.1 (or higher)

HP LaserJet M9050 Multifunction Printer CC395A v 51.256.1 (or higher)

HP LaserJet M9040 Multifunction Printer CC394A v 51.256.1 (or higher)

HP Color LaserJet CM4730 Multifunction Printer CB480A, CB481A, CB482A, CB483A v 50.286.1 (or higher)

HP LaserJet M3035 Multifunction Printer CB414A, CB415A, CC476A, CC477A v 48.306.1 (or higher)

HP 9250c Digital Sender CB472A v 48.293.1 (or higher)

HP LaserJet Enterprise P3015 CE525A,CE526A,CE527A,CE528A,CE595A v 07.186.1 (or higher)

HP LaserJet M3027 Multifunction Printer CB416A, CC479A v 48.306.1 (or higher)

HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v 53.236.1 (or higher)

HP Color LaserJet CP6015 Q3931A, Q3932A, Q3933A, Q3934A, Q3935A v 04.203.1 (or higher)

HP LaserJet P4515 CB514A,CB515A, CB516A, CB517A v 04.213.1 (or higher)

HP Color LaserJet CM6030 Multifunction Printer CE664A, CE665A v 52.256.1 (or higher)

HP LaserJet P4015 CB509A, CB526A, CB511A, CB510A v 04.213.1 (or higher)

HP LaserJet P4014 CB507A, CB506A, CB512A v 04.213.1 (or higher)

HISTORY Version:1 (rev.1) - 22 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0445",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "6.2.3"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "2.0.1"
      },
      {
        "model": "jboss enterprise web platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "rox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.16.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "application processing engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.2"
      },
      {
        "model": "s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.29"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.8"
      },
      {
        "model": "server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "filezilla",
        "version": "0.9.45"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.0"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "cp1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "junos 11.4r9",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "junos 10.4s15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4s",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4x27"
      },
      {
        "model": "junos 11.4r8",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r16",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "power ps702",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.30"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.1"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf147a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "horizon view feature pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "laserjet p2055 printer series ce460a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort e-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571471.43"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "junos 11.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.4"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571431.43"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "laserjet printer series q7543a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "fortios b0537",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.06"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "laserjet enterprise m806 cz244a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.3"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m775 series cf304a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.00"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "secure analytics 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf145a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1.100.3"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "junos 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "integrity superdome and hp converged system for sap hana",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x9005.50.12"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos r8-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "model": "nvp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.2.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.1"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tekelec hlr router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open systems snapvault agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf286a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "laserjet enterprise m712 series cf236a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "idol speech software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.5.0.16091"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.32"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "wx5002/5004 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "netscaler 9.3.e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.71"
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos space 13.3r1.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise communications broker pcz2.0.0m4p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "aura application server sip core pb23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "vsr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.130.14"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.14"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "model": "junos r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "laserjet p3005 printer series q7813a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.4"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.24"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "model": "10.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "710/7300"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.8"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.08"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.52"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "model": "network connect 8.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p006",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "laserjet printer series q5404a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.5"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "flex system p270",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.04"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.10"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "endeca information discovery studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.18"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.5"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "fortiwifi",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "laserjet enterprise m712 series cf238a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.4"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.5"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.7"
      },
      {
        "model": "(comware family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v7)0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.11"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.50"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "strm 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8546"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.55"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "sbr global enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "color laserjet printer series q7533a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "power ps700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.7"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "color laserjet cp5525 ce708a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura application server sip core pb28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.9"
      },
      {
        "model": "secure analytics 2014.2r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p005",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "idol software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "key",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.14"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.01"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "power 780",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.4"
      },
      {
        "model": "junos 12.2r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "model": "u200s and cs family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "security threat response manager 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "model": "pulse desktop 5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.7"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "winscp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.4"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.04"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.02"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "color laserjet m651 cz258a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos 12.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "message networking sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "officejet enterprise color mfp b5l05a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dgs-1210-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.025"
      },
      {
        "model": "ngfw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "msr9xx russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.3"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "ive os 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "laserjet enterprise m806 cz244a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "model": "horizon mirage edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.4.2"
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "virtuozzo containers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.8"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.014"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf144a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "email appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.7.0.0"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "junos 12.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.4"
      },
      {
        "model": "network connect 7.4r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1040"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.1.8"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "system x3500m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73801.42"
      },
      {
        "model": "licensing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.53"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "idol image server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1-x"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m855 a2w78a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.2"
      },
      {
        "model": "color laserjet printer series q5984a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "simatic cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "color laserjet cp5525 ce707a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73231.42"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-66.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.18"
      },
      {
        "model": "junos space 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0026"
      },
      {
        "model": "junos 12.1r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x2-22.0.6.2.0"
      },
      {
        "model": "color laserjet m680 cz248a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bbm for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf288a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1r5-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.30"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "elan",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "model": "tivoli storage productivity center fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "msr2000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet printer series cb433a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m712 series cf236a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "color laserjet printer series q7535a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "8.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "laserjet multifunction printer series q3943a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "cms r16 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73271.42"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.52"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "model": "color laserjet cp3505 printer series ce491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.15779"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "host agent for oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12141"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "model": "color laserjet printer series q7495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "a6600 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.817"
      },
      {
        "model": "laserjet enterprise m602 series ce991a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "f5000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "network connect 7.4r9.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos 10.4s13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "model": "color laserjet cp5525 ce708a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "pk family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p002",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.10"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "color laserjet cp5525 ce709a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "color laserjet flow m680 cz250a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 11.4r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.2"
      },
      {
        "model": "color laserjet cp3505 printer series cb444a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.3"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.10"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "color laserjet printer series cb432a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "color laserjet multifunction printer series q7519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.1.20"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "junos 13.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.2"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.00"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cluster network/management switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vma san gateway g5.5.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0025"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "color laserjet m651 cz258a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.7"
      },
      {
        "model": "secblade fw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bbm for iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.24"
      },
      {
        "model": "vsphere sdk for perl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "idol speech software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "vcenter operations manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.30"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "dgs-1500-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "junos 11.4r6-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.1"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf146a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "laserjet printer series q5401a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power ps703 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-73x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.36"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0039"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.4"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "freedome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "fortios b0630",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.00"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.60"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.1.0"
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf285a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "crossbow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system x3650m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79471.42"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.0"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73281.42"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.16"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.76"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "laserjet multifunction printer series q3942a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "crossbow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.2"
      },
      {
        "model": "junos 10.4s14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz255a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "msr3000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.013"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.67"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.20"
      },
      {
        "model": "4800g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.7"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.4"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.00"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.11"
      },
      {
        "model": "sylpheed",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.2"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "receiver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.12"
      },
      {
        "model": "secure work space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "collaboration services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idol software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "laserjet printer series q5409a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "color laserjet multifunction printer series cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dgs-1500-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 11.4r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1"
      },
      {
        "model": "laserjet multifunction printer series q3728a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos space 12.3r2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79451.42"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.2"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.19"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.7.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.011"
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.29"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p001",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet printer series q5407a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "junos 11.4r10-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.73"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.09"
      },
      {
        "model": "sbr carrier 8.0.0-r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.1"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf399a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.614"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "asset manager 9.41.p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "model": "msr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3"
      },
      {
        "model": "cloud server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "system x3630m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73771.42"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.1"
      },
      {
        "model": "enterprise linux long life 5.9.server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vcenter chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1.0.18193"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73211.42"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "jetdirect ew2500 802.11b/g wireless print server j8021a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.53"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1"
      },
      {
        "model": "junos r2-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900.00"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.1"
      },
      {
        "model": "client connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.91"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "lifetime key management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.12"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf270a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w78a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.15"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "strm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.10"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.047.8"
      },
      {
        "model": "enterprise linux server eus 6.4.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.11"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet p2055 printer series ce456a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "netiq admininstration console server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "sparc m10-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.5"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-76.7"
      },
      {
        "model": "bbm for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8721"
      },
      {
        "model": "color laserjet m651 cz257a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ive os 8.0r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape librray",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0033"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.9"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-77.5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "laserjet p3005 printer series q7816a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application server sip core pb19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.65"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.6"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.40"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78361.42"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.5"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2040"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "command view server based management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet printer series q7697a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.6"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.5"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9500e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "fortisandbox build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.3.086"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0.31"
      },
      {
        "model": "dgs-1210-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.043"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.75"
      },
      {
        "model": "color laserjet m680 cz248a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-64.4"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "enterprise linux server eus 6.3.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "model": "junos 10.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.5"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet p3005 printer series q7814a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "ive os 7.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.7"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr9xx family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.1"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1.2"
      },
      {
        "model": "laserjet printer series q7698a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.4"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.22"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "laserjet multifunction printer series q3726a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "model": "color laserjet cp4005 printer series cb504a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0.74.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space 12.3p2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.85"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.60"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "rational insight ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "laserjet enterprise m602 series ce991a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.2"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "color laserjet flow m680 ca251a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "bbm for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.40"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "virtual automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "model": "color laserjet multifunction printer series cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "laserjet printer series q7545a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "junos 13.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet printer series q5406a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "forticlient build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0591"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "model": "studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.60"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.10"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.62"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "one-x mobile ces for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.3"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 11.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system x3500m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78391.42"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp5525 ce707a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "enterprise linux els",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "11.00"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.20"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.4"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.11"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "8.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.14"
      },
      {
        "model": "junos 12.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.4"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.170"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "5.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.21"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0"
      },
      {
        "model": "color laserjet multifunction printer series cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "vm virtualbox 4.2.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "color laserjet multifunction printer series cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "laserjet multifunction printer series q3944a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "junos 10.4r14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "laserjet printer series q5403a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "color laserjet printer series q5982a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "junos pulse 4.0r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.12"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "junos -d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "p2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "junos space 13.1r1.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "junos 10.0s25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73251.42"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.3"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "model": "junos 10.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "model": "datafort s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.1.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf274a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "msr20-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "model": "one-x mobile ces for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.4"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54541.42"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.7"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "cognos insight standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "junos 11.4r5-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.106"
      },
      {
        "model": "lifetime key management software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.56"
      },
      {
        "model": "laserjet multifunction printer series q3945a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.5"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.4"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.21"
      },
      {
        "model": "netiq identity server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.107"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.20"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a 2302963 436071",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "config advisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "color laserjet printer series q7492a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.9"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "4.0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "forticlient",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.22"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "oncommand balance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "f1000a and s family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "u200a and m family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "officejet enterprise color c2s12a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "hsr6602 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "one-x mobile for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.50"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.44"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "color laserjet m651 cz255a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 13.3r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.3.3"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.1"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42511.42"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "suse core for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9x86"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "horizon workspace server data",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "model": "storage encryption",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "model": "xenclient enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "netscaler ipmi/lom interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr20 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.9"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "model": "servicecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "sparc m10-4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "fortiauthenticator build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1.060"
      },
      {
        "model": "laserjet enterprise m601 series ce990a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "sbr carrier 7.6.0-r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "model": "hsr6800 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet printer series q7552a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.0"
      },
      {
        "model": "bladecenter js23/js43",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.185"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "laserjet printer series q3721a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "flex system fabric en4093 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.5"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "safe profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.79"
      },
      {
        "model": "junos 13.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "jetdirect 640n eio card j8025a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "45.35"
      },
      {
        "model": "junos 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.4"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.00"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.11"
      },
      {
        "model": "fortivoiceos build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.3165"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.4"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "laserjet printer series q3722a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "junos pulse 5.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "enterprise linux eus 5.9.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.05"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "f1000e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "model": "laserjet enterprise m601 series ce989a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "junos 11.4r6.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.3"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "big data extensions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space 12.3r1.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "junos 11.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.7"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "junos 12.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "color laserjet printer series q7493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "msr50 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 10.0s28",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.07"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "fortigate build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "model": "junos os 12.3r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.13"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortiwifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.12"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "junos 5.0r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.9"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.4"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.02"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.3"
      },
      {
        "model": "uacos c5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "laserjet p2055 printer series ce459a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.196.4"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.203"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "dgs-1210-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.012"
      },
      {
        "model": "ssl vpn 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.20"
      },
      {
        "model": "laserjet enterprise m601 series ce989a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3.0.13725"
      },
      {
        "model": "infosphere master data management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "model": "color laserjet printer series q7534a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "4.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7893"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.2"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command view for tape libraries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "junos 12.1x45-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.4"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortiwifi build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudsystem chargeback",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.3"
      },
      {
        "model": "netiq access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "security threat response manager 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "junos 11.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "storage management initiative specification providers fo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.04"
      },
      {
        "model": "junos 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.03"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.070.5"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.11"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "junos 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.2.4"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "model": "officejet enterprise color c2s11a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.9.0.0"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "msr30-16 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "imc ead",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.43"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp5525 ce709a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.52"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos 11.4r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0040"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087520"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vma san gateway g5.5.1.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.14619"
      },
      {
        "model": "one-x mobile lite for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system dx360m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "63911.42"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4.1.0"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.1"
      },
      {
        "model": "laserjet p3005 printer series q7815a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "datafort fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "vcac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet printer series q5408a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core pb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "model": "junos r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.88"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.3"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.95"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0.3"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.203"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.10"
      },
      {
        "model": "laserjet printer series q7784a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42408.250.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "project metasploit framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.12"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.2"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "junos r12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.59"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "color laserjet cp3505 printer series cb442a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "laserjet printer series q5400a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3"
      },
      {
        "model": "laserjet printer series q7546a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "command view for tape libraries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.8"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet printer series q7547a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.01"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.6"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "power ps701",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.012"
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.3"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.1"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.4"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet enterprise color m775 series cf304a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet printer series q5402a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "msr30-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.2"
      },
      {
        "model": "color laserjet printer series q7491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.1"
      },
      {
        "model": "one-x mobile lite for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.2"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.20"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12875"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "network connect 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-21"
      },
      {
        "model": "junos pulse for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "system x3550m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79441.42"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2.2"
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.2"
      },
      {
        "model": "color laserjet printer series q5981a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "enterprise virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "junos 11.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2.6"
      },
      {
        "model": "junos 10.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.4.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cz195a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "integrity sd2 cb900s i2 and i4 server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.7.98"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.010"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.4"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.37"
      },
      {
        "model": "pulse desktop 4.0r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "ive os 7.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "laserjet printer series q7699a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "m220 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.03"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "jetdirect 695n eio card j8024a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "laserjet printer series q5410a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data recovery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.21"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.1"
      },
      {
        "model": "color laserjet printer series q7494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "secure analytics 2014.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "power ps704 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-74x)0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "nsx for vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.4"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.157.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0042"
      },
      {
        "model": "email security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.143"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "ive os 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "model": "color laserjet multifunction printer series q7520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "airwave",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.7.12"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.293.1"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.8"
      },
      {
        "model": "netezza diagnostic tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.1.68.7"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2.15"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "dgs-1500-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p003",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "virtual tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.70"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.01"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "color laserjet multifunction printer series q7518a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "laserjet printer series q7544a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dgs-1210-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.041"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m603 series ce996a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "via for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "color laserjet printer series q5983a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "junos 11.4r9-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.05"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "model": "tivoli storage productivity center fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.14"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "officejet enterprise color mfp b5l04a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "model": "via for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "model": "pulse desktop 5.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3.61.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.2"
      },
      {
        "model": "junos 5.0r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jetdirect 620n eio card j7934g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "29.26"
      },
      {
        "model": "junos 10.0s18",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.31"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8724"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "color laserjet flow m680 ca251a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x3-22.0.6.2.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 10.4r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "config manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.6"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "ssl vpn 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "ive os 7.4r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "msr30 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp3505 printer series cb443a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet enterprise m601 series ce990a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2.15.6"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.113"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "color laserjet printer series q7536a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jsa 2014.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.2"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.23"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "datafort common criteria fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos 11.4r7-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "message networking sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "officejet enterprise color mfp b5l07a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.8"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3281"
      },
      {
        "model": "color laserjet enterprise m750 d3l08a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf278a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.78"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "model": "vma",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.11"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.6.3"
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5.21"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.33"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73781.42"
      },
      {
        "model": "strm/jsa 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr50-g2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x4-22.0.6.2.0"
      },
      {
        "model": "system x3550m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79461.42"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0"
      },
      {
        "model": "jetdirect 690n eio card j8007a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "flex system p24l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "model": "command view server based management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "vma san gateway g5.5.1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet enterprise m603 series ce996a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.3r4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.4.4"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571481.43"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.86"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79491.42"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.02"
      },
      {
        "model": "vsphere cli",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos 10.4r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x2.0.10"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 13.1r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet enterprise m750 d3l08a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42521.42"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "model": "ape",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.99"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.10"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.178"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4.6.1"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.21"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8.11"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "laserjet printer series q3723a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.06"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p000",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "model": "sbr carrier 7.5.0-r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.21"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.4"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 10.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.60"
      },
      {
        "model": "digital sender 9200c q5916a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.271.3"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "system x3620m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73761.42"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "laserjet p3005 printer series q7812a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.3"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "msr4000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78371.42"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.4"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "3.4.2"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p011",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.25"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p010",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.01"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "model": "jetdirect 635n eio card j7961g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "model": "junos 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.36"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "color laserjet multifunction printer series q7517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos pulse for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.05"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.8"
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz257a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "netiq sslvpn server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.45"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.77"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "color laserjet cp4005 printer series cb503a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "model": "sparc m10-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "junos 11.4r3.7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "dgs-1500.20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "laserjet p2055 printer series ce457a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "idol image server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.1"
      },
      {
        "model": "fortigate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "color laserjet flow m680 cz250a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.6"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-20"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.38"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.6"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73791.42"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.35"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.97"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.34"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.22"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.14"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "laserjet p4014 cb512a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.145"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.3.0.1"
      },
      {
        "model": "data ontap storage management initiative specification a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "aura application server sip core pb16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "idp series 5.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1-122.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6170"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.4"
      },
      {
        "model": "junos 10.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30"
      },
      {
        "model": "vfabric web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.4"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "laserjet enterprise m712 series cf238a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.7"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos space 13.3r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.45",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.1.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.2",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.8",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-0224",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0224",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0224",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-080",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0224",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. \n\nHP Connect IT / HP SPM CIT - 9.5x\n Please install: HP Connect IT 9.53.P2\n\nFor Windows\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070\n\nFor Linux\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071\n\nFor AIX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072\n\nFor HPUX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073\n\nFor Solaris\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074\n\nHP Connect IT / HP SPM CIT - 9.4x\n Please install: HP Connect IT 9.40.P1\n\nFor windows(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075\n\nFor Linux(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076\n\nFor AIX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077\n\nFor HPUX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078\n\nFor Solaris(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079\n\nHP Connect IT / HP SPM AM  5.2x\n Please install: HP Connect IT 9.41.P1\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\n remote attacker could use this issue to cause OpenSSL to crash, resulting\n in a denial of service. (CVE-2014-0221)\n  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. A remote attacker could use this issue to\n cause OpenSSL to crash, resulting in a denial of service. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2232-3\n  http://www.ubuntu.com/usn/usn-2232-1\n  https://launchpad.net/bugs/1332643\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: July 27, 2014\n     Bugs: #512506\n       ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           \u003c 1.0.1h-r1             *\u003e= 0.9.8z_p5\n                                                        *\u003e= 0.9.8z_p4\n                                                        *\u003e= 0.9.8z_p1\n                                                        *\u003e= 0.9.8z_p3\n                                                        *\u003e= 0.9.8z_p2\n                                                           *\u003e= 1.0.0m\n                                                         \u003e= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 1\n\nHPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network\nProducts including H3C and 3COM Routers and Switches running OpenSSL, Remote\nDenial of Service (DoS), Code Execution, Unauthorized Access, Modification or\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-06-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Intelligent\nManagement Center (iMC), HP Network Products including 3COM and H3C routers\nand switches running OpenSSL. The vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information\nCVE-2014-0198 Remote Unauthorized Access (only iMC impacted)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nSSRT101561\nNote: All products listed are impacted by CVE-2014-0224 . iMC is also\nimpacted by CVE-2014-0198 and CVE-2010-5298\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\nDescription\n\nThe most serious issue reported is CVE-2014-0224 and it is the one discussed\nhere. To take advantage CVE-2014-0224, an attacker must:\n\nbe in between the OpenSSL client and OpenSSL server. \nbe capable of intercepting and modifying packets between the OpenSSL client\nand OpenSSL server in real time. \n\nWorkarounds\n\nHP Networking equipment is typically deployed inside firewalls and access to\nmanagement interfaces and other protocols is more tightly controlled than in\npublic environments. This deployment and security restrictions help to reduce\nthe possibility of an attacker being able to intercept both OpenSSL client\nand OpenSSL server traffic. \n\nFollowing the guidelines in the Hardening Comware-based devices can help to\nfurther reduce man-in-the-middle opportunities:\n\nhttp://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536\n920\n\nFor an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. As an example, most\nmodern web browsers do not use the OpenSSL client and the sessions between\nthe HP Networking OpenSSL server and the non-OpenSSL client are not at risk\nfor this attack. For HP Networking Equipment that is using an OpenSSL client,\npatching the OpenSSL server will eliminate the risk of this attack. \n\nProtocol Notes\n\nThe following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\nComware V7:\n\nServer:\n\nFIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\nClient:\n\nLoad Balancing/OpenFlow/Session Initiation Protocol/State Machine Based\nAnti-Spoofing/Dynamic DNS\n\nComware V5:\n\nServer:\n\nCAPWAP/EAP/SSLVPN\n\nClient:\n\nDynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in progress\nuse mitigations\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n Fix in progress\nuse mitigations\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n Fix in progress\nuse mitigations\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\nRouter 8800\n Fix in progress\nuse mitigations\n JC147A HP A8802 Router Chassis\nJC147B HP 8802 Router Chassis\nJC148A HP A8805 Router Chassis\nJC148B HP 8805 Router Chassis\nJC149A HP A8808 Router Chassis\nJC149B HP 8808 Router Chassis\nJC150A HP A8812 Router Chassis\nJC150B HP 8812 Router Chassis\nJC141A HP 8802 Main Control Unit Module\nJC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod\nJC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod\n H3C SR8805 10G Core Router Chassis (0235A0G8)\nH3C SR8808 10G Core Router Chassis (0235A0G9)\nH3C SR8812 10G Core Router Chassis (0235A0GA)\nH3C SR8802 10G Core Router Chassis (0235A0GC)\nH3C SR8802 10G Core Router Chassis (0235A31B)\nH3C SR8805 10G Core Router Chassis (0235A31C)\nH3C SR8808 10G Core Router Chassis (0235A31D)\nH3C SR8812 10G Core Router Chassis (0235A31E)\n\n7500 Switch Series\n Fix in progress\nuse mitigations\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nA6600\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n Fix in progress\nuse mitigations\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n Fix in progress\nuse mitigations\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5900 Virtual Switch\n Fix in progress\nuse mitigations\n JG814AAE HP Virtual Switch 5900v VMware E-LTU\nJG815AAE HP VSO SW for 5900v VMware E-LTU\n\n5830 Switch Series\n Fix in progress\nuse mitigations\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n Fix in progress\nuse mitigations\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n Fix in progress\nuse mitigations\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n Fix in progress\nuse mitigations\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n Fix in progress\nuse mitigations\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n Fix in progress\nuse mitigations\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n Fix in progress\nuse mitigations\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in progress\nuse mitigations\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n Fix in progress\nuse mitigations\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n Fix in progress\nuse mitigations\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n Fix in progress\nuse mitigations\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in progress\nuse mitigations\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n Fix in progress\nuse mitigations\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n Fix in progress\nuse mitigations\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n Fix in progress\nuse mitigations\n JG315A HP 3100-48 v2 Switch\n\n1910\n Fix in progress\nuse mitigations\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293)\n3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093)\n3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893)\n3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93)\n3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n Fix in progress\nuse mitigations\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n Fix in progress\nuse mitigations\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n Fix in progress\nuse mitigations\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n Fix in progress\nuse mitigations\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n Fix in progress\nuse mitigations\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n Fix in progress\nuse mitigations\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-1X Russian version\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR30-16 Russian version\n Fix in progress\nuse mitigations\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR50 Russian version\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n Fix in progress\nuse mitigations\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR9XX Russian version\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\n H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\nH3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\n\nMSR93X\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR93X Russian version\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n Fix in progress\nuse mitigations\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n Fix in progress\nuse mitigations\n JG411A HP MSR2003 AC Router\n\nMSR3000\n Fix in progress\nuse mitigations\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n Fix in progress\nuse mitigations\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n Fix in progress\nuse mitigations\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nU200S and CS\n Fix in progress\nuse mitigations\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n Fix in progress\nuse mitigations\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n Fix in progress\nuse mitigations\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade FW\n Fix in progress\nuse mitigations\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n Fix in progress\nuse mitigations\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n Fix in progress\nuse mitigations\n JG810AAE HP VSR1001 Virtual Services Router\nJG811AAE HP VSR1001 Virtual Services Router\nJG812AAE HP VSR1004 Virtual Services Router\nJG813AAE HP VSR1008 Virtual Services Router\n\nWX5002/5004\n Fix in progress\nuse mitigations\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n Fix in progress\nuse mitigations\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n Fix in progress\nuse mitigations\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n Fix in progress\nuse mitigations\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n Fix in progress\nuse mitigations\n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.0\n Fix in progress\nuse mitigations\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.0\n Fix in progress\nuse mitigations\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\niMC PLAT 7.0\n Fix in progress\nuse mitigations\n JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG747AAE HP IMC Standard Software Platform with 50-node E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\nJD125A HP IMC Standard Edition Software Platform with 100-node License\nJD815A HP IMC Standard Edition Software Platform with 100-node License\nJD816A HP A-IMC Standard Edition Software DVD Media\nJF377A HP IMC Standard Edition Software Platform with 100-node License\nJF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU\nJF289AAE HP Enterprise Management System to Intelligent Management Center\nUpgrade E-LTU\nTJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL\nnot HPNs)\nJF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU\nJG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU\nJD126A HP A-IMC Enterprise Software Platform with 200-node License\nJD808A HP A-IMC Enterprise Software Platform with 200-node License\nJD814A HP A-IMC Enterprise Edition Software DVD Media\nJF378A HP IMC Enterprise Edition Software Platform with 200-node License\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition\nE-LTU\nJG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance\nSoftware E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq\nCtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM\n=CEL7\n-----END PGP SIGNATURE-----\n. \nOpenSSL is a 3rd party product that is embedded with some HP printer\nproducts. This bulletin notifies HP Printer customers about impacted\nproducts. To obtain the updated firmware, go to www.hp.com and follow\nthese steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n v 2302963_436067 (or higher)\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n v 2302963_436070 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n v 2302963_436077 (or higher)\n\nHP Color LaserJet M651\n CZ255A, CZ256A, CZ257A, CZ258A\n v 2302963_436073 (or higher)\n\nHP Color LaserJet M680\n CZ248A, CZ249A\n v 2302963_436072 (or higher)\n\nHP Color LaserJet Flow M680\n CZ250A, CA251A\n v 2302963_436072 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise 600 M601 Series\n CE989A, CE990A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M602 Series\n CE991A, CE992A, CE993A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M603 Series\n CE994A, CE995A, CE996A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise MFP M630 series\n B3G84A, B3G85A, B3G86A, J7X28A\n v 2303714_233000041 (or higher)\n\nHP LaserJet Enterprise 700 color M775 series\n CC522A, CC523A, CC524A, CF304A\n v 2302963_436079 (or higher)\n\nHP LaserJet Enterprise 700 M712 series\n CF235A, CF236A, CF238A\n v 2302963_436080 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n v 2302963_436076 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n v 2302963_436068 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n v 2302963_436083 (or higher)\n\nHP LaserJet Enterprise color flow MFP M575c\n CD646A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n v 2302963_436071 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE502A,CE503A, CE504A, CE738A\n v 2302963_436064 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n v 2302963_436075 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n v 2302963_436078 (or higher)\n\nHP Scanjet Enterprise 8500 Document Capture Workstation\n L2717A, L2719A\n v 2302963_436065 (or higher)\n\nOfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n v 2302963_436066 (or higher)\n\nOfficeJet Enterprise Color X555\n C2S11A, C2S12A\n v 2302963_436074 (or higher)\n\nHP Color LaserJet CP3525\n CC468A, CC469A, CC470A, CC471A\n v 06.183.1 (or higher)\n\nHP LaserJet M4345 Multifunction Printer\n CB425A, CB426A, CB427A, CB428A\n v 48.306.1 (or higher)\n\nHP LaserJet M5025 Multifunction Printer\n Q7840A\n v 48.306.1 (or higher)\n\nHP Color LaserJet CM6040 Multifunction Printer\n Q3938A, Q3939A\n v 52.256.1 (or higher)\n\nHP Color LaserJet Enterprise CP4525\n CC493A, CC494A, CC495A\n v 07.164.1 (or higher)\n\nHP Color LaserJet Enterprise CP4025\n CC489A, CC490A\n v 07.164.1 (or higher)\n\nHP LaserJet M5035 Multifunction Printer\n Q7829A, Q7830A, Q7831A\n v 48.306.1 (or higher)\n\nHP LaserJet M9050 Multifunction Printer\n CC395A\n v 51.256.1 (or higher)\n\nHP LaserJet M9040 Multifunction Printer\n CC394A\n v 51.256.1 (or higher)\n\nHP Color LaserJet CM4730 Multifunction Printer\n CB480A, CB481A, CB482A, CB483A\n v 50.286.1 (or higher)\n\nHP LaserJet M3035 Multifunction Printer\n CB414A, CB415A, CC476A, CC477A\n v 48.306.1 (or higher)\n\nHP 9250c Digital Sender\n CB472A\n v 48.293.1 (or higher)\n\nHP LaserJet Enterprise P3015\n CE525A,CE526A,CE527A,CE528A,CE595A\n v 07.186.1 (or higher)\n\nHP LaserJet M3027 Multifunction Printer\n CB416A, CC479A\n v 48.306.1 (or higher)\n\nHP LaserJet CM3530 Multifunction Printer\n CC519A, CC520A\n v 53.236.1 (or higher)\n\nHP Color LaserJet CP6015\n Q3931A, Q3932A, Q3933A, Q3934A, Q3935A\n v 04.203.1 (or higher)\n\nHP LaserJet P4515\n CB514A,CB515A, CB516A, CB517A\n v 04.213.1 (or higher)\n\nHP Color LaserJet CM6030 Multifunction Printer\n CE664A, CE665A\n v 52.256.1 (or higher)\n\nHP LaserJet P4015\n CB509A, CB526A, CB511A, CB510A\n v 04.213.1 (or higher)\n\nHP LaserJet P4014\n CB507A, CB506A, CB512A\n v 04.213.1 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 22 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#978508",
        "trust": 1.9
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "59824",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59380",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59661",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59191",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59188",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60176",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59375",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59101",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59163",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59142",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59186",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60567",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59445",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58639",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59282",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59132",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59506",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59383",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59135",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58492",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60066",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58667",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59223",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59004",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59459",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59214",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59338",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59429",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60577",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59530",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59448",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58759",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59012",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59894",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59055",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59368",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58716",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60049",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59043",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59878",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59370",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59435",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59120",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58579",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59529",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59389",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58745",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59167",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58128",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59442",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59040",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59093",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59885",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58660",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59460",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59354",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58743",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59362",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59446",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59602",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59305",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58433",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59502",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59374",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59528",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59325",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58385",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60819",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59525",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59231",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59202",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59190",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59447",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59589",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60522",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58742",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59677",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61815",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59483",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59063",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58719",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59444",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59211",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59827",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59215",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59347",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58930",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59916",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-234763",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031594",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031032",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080",
        "trust": 0.6
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "DLINK",
        "id": "SAP10046",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10643",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "JVN",
        "id": "JVN61247051",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "67899",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127936",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127166",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127630",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127422",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127190",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128345",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "id": "VAR-201406-0445",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4594171644
  },
  "last_update_date": "2024-07-23T21:30:24.345000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1h",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081"
      },
      {
        "title": "openssl-1.0.0m",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080"
      },
      {
        "title": "openssl-0.9.8za",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-351"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d0eef6c81e529a1b8e4ea4b72eaef4d0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-350",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-350"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=a7d1e620ea07a6fd4d3ec24012763337"
      },
      {
        "title": "Red Hat: CVE-2014-0224",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0224"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "HP: HPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03107"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Tenable Security Advisories: [R8] Tenable Products Affected by OpenSSL \u0027CCS Injection\u0027 Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0224 "
      },
      {
        "title": "crochet-technologies",
        "trust": 0.1,
        "url": "https://github.com/crochet-technology/crochet-technologies "
      },
      {
        "title": "openssl-ccs-cve-2014-0224",
        "trust": 0.1,
        "url": "https://github.com/ssllabs/openssl-ccs-cve-2014-0224 "
      },
      {
        "title": "android-development-best-practices",
        "trust": 0.1,
        "url": "https://github.com/niharika2810/android-development-best-practices "
      },
      {
        "title": "ssl-grader",
        "trust": 0.1,
        "url": "https://github.com/sslyze410-sslgrader-wciphersuite-info/ssl-grader "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dtarnawsky/capacitor-plugin-security-provider "
      },
      {
        "title": "qualysparser",
        "trust": 0.1,
        "url": "https://github.com/pr4jwal/qualysparser "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/wanderwille/13.01 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.5,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 2.2,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 2.2,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 2.0,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 1.9,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
      },
      {
        "trust": 1.9,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
      },
      {
        "trust": 1.9,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.9,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.9,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 1.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020172"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0630.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0631.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0633.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0632.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0627.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0680.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095740"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/978508"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59661"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60522"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.6,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58579"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59305"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.6,
        "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59429"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
      },
      {
        "trust": 1.6,
        "url": "http://ccsinjection.lepidum.co.jp"
      },
      {
        "trust": 1.6,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58667"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59878"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60066"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59093"
      },
      {
        "trust": 1.6,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59530"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59894"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/jun/38"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58433"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59885"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59525"
      },
      {
        "trust": 1.6,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59529"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_mssql.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59528"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59063"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59186"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61815"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59188"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60049"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59190"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59191"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58660"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59502"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60176"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59040"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59282"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59043"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59167"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58742"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58743"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58745"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0624.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59055"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59602"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58759"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58639"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031032"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59380"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59383"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59142"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0626.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59389"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.splunk.com/view/sp-caaam2d"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
      },
      {
        "trust": 1.6,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60819"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59824"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59827"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.6,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59120"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59362"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59483"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59004"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59916"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.6,
        "url": "http://esupport.trendmicro.com/solution/en-us/1103813.aspx"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59370"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.6,
        "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59132"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59374"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59012"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59375"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59135"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59368"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58716"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58719"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031594"
      },
      {
        "trust": 1.6,
        "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58492"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59460"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_windows.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59101"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59223"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59215"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60567"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59214"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58128"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59338"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59459"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59231"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59354"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58385"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59347"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59589"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60577"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58930"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://discussions.nessus.org/thread/7517"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59442"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59202"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59444"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59435"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59677"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.6,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59211"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59325"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59446"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59445"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59448"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59447"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032618"
      },
      {
        "trust": 0.3,
        "url": "http://www.sophos.com/en-us/support/knowledgebase/121112.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://sylpheed.sraoss.jp/en/news.html"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/support/alerts/aid-06062014.txt"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.python.org/issue21671"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004805"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04438404"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687640"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
      },
      {
        "trust": 0.3,
        "url": "http://www.websense.com/support/article/kbarticle/july-2014-hotfix-summary-for-websense-solutions"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://jvn.jp/en/jp/jvn61247051/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140606_001_en.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004758"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004747"
      },
      {
        "trust": 0.3,
        "url": "http://openvpn.net/index.php/open-source/downloads.html"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/16/utm-up2date-9-113-released/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/18/utm-up2date-9-203-released/"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404764"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04385138"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101007404"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/9"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181096"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678040"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/121916"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032650#5.0.0.15"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032651"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034955"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401858"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04397114"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347711"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04351097"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368546"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04370307"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04392919"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398968"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401666"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04451722"
      },
      {
        "trust": 0.3,
        "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04406535-1%257cdoclocale%253d%"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04425253"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595094"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001840"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181215"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680706,swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677891"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095910"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015158"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.paloaltonetworks.com/home/detail/23?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:14.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa80"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181079"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181566"
      },
      {
        "trust": 0.3,
        "url": "https://library.netapp.com/ecm/ecm_get_file/ecmp1636026"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677225"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682398"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095738"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683336"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021064"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004824"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676542"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676543"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004744"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676708"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676505"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update-for-chrome-os.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001842"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001839"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004821"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://winscp.net/eng/docs/history#5.5.4"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00073"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00074"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00070"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00076"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00079"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00071"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00075"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00078"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00072"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00077"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-3"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1332643"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01028458"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01020441"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=c03536"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2014-08-20T15:18:26",
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "date": "2014-06-24T00:52:51",
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "date": "2014-07-28T20:36:25",
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "date": "2014-07-11T21:05:34",
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "date": "2014-07-09T17:11:19",
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "date": "2014-06-24T01:45:14",
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "date": "2014-09-22T16:56:00",
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2014-06-05T21:55:07.817000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2017-10-19T03:03:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2023-11-07T02:18:13.190000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Encryption problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0592
Vulnerability from variot

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. http://cwe.mitre.org/data/definitions/125.htmlService disruption through the manipulation of crafted certificates by third parties ( Read out of bounds ) There is a possibility of being put into a state. OpenSSL is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

  1. OpenSSL Security Advisory [22 Sep 2016]

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "icewall federation agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.16"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.47"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.12.0"
      },
      {
        "model": "suse linux enterprise module for web scripting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "certd"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent option"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "application server for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "linux enterprise module for web scripting",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0 to  v8.1"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base(64)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "icewall federation agent",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "icewall mcrp",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "node.js",
        "scope": null,
        "trust": 0.8,
        "vendor": "node js",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "big-ip afm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "big-ip analytics build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "big-ip afm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip aam hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip asm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "big-ip pem hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip afm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip afm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip pem hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip afm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "big-iq device hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "big-ip dns build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip pem hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip edge gateway 10.2.3-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "big-ip afm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip websafe hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "big-ip link controller hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "big-ip analytics hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.1.0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.5.0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "big-ip afm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "bigfix remote control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "big-ip asm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-iq cloud hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "big-ip asm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "big-ip ltm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "big-ip apm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-iq cloud hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.1"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "big-ip asm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip asm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.7.0.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "big-ip ltm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.1"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.6.0"
      },
      {
        "model": "big-ip ltm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip ltm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "big-ip asm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-ip analytics build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip afm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.6"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "big-ip analytics hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "big-ip ltm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip analytics build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "big-ip pem hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.6.0.0"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip analytics hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip apm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "big-ip dns hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip asm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip asm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip websafe hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.15"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip analytics hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "big-ip websafe hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "big-ip asm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "big-ip psm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "big-ip dns hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.0"
      },
      {
        "model": "big-ip analytics build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-iq cloud and orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "big-ip analytics hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "big-ip aam build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip asm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip websafe hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "big-ip pem hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "big-ip analytics hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "big-ip asm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip websafe hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip psm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip asm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "iworkflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "big-ip dns hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "big-ip gtm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip afm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.14"
      },
      {
        "model": "big-ip analytics hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "big-ip websafe hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "big-ip asm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip pem hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-iq security hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "big-ip apm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip analytics hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "big-ip websafe hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "big-iq device hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.13"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.16",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.47",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.12.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2016-6306",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6306",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6306",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6306",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6306",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. http://cwe.mitre.org/data/definitions/125.htmlService disruption through the manipulation of crafted certificates by third parties ( Read out of bounds ) There is a possibility of being put into a state. OpenSSL is prone to a local denial-of-service vulnerability. \nA local attacker can exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "BID",
        "id": "93153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6306",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "93153",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6306",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "BID",
        "id": "93153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "id": "VAR-201609-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.39275403863636366
  },
  "last_update_date": "2024-07-04T21:32:12.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "hitachi-sec-2017-102",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html"
      },
      {
        "title": "HPSBGN03658",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Security updates for all active release lines, September 2016",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "title": "Fix small OOB reads.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
      },
      {
        "title": "Certificate message OOB reads (CVE-2016-6306)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "title": "SUSE-SU-2016:2470",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "TLSA-2016-28",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html"
      },
      {
        "title": "hitachi-sec-2017-102",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6306"
      },
      {
        "title": "Red Hat: CVE-2016-6306",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6306"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6306 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/93153"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k90492697"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6306"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6306"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/90/sol90492697.html?sr=59127107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993601"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-2/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "BID",
        "id": "93153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "db": "BID",
        "id": "93153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "date": "2016-09-23T00:00:00",
        "db": "BID",
        "id": "93153"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2018-07-12T21:45:18",
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "date": "2018-07-12T21:48:57",
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-26T19:59:02.910000",
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6306"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "93153"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      },
      {
        "date": "2023-11-07T02:33:57.240000",
        "db": "NVD",
        "id": "CVE-2016-6306"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      }
    ],
    "trust": 0.4
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Denial of service in a certificate parser  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004992"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "93153"
      }
    ],
    "trust": 0.3
  }
}

var-201609-0351
Vulnerability from variot

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. OpenSSL is prone to denial-of-service vulnerability. OpenSSL 1.1.0 is vulnerable; other versions may also be affected. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0351",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6308",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6308",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6308",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6308",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-597",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6308",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. OpenSSL is prone to denial-of-service vulnerability. \nOpenSSL 1.1.0 is vulnerable; other versions may also be affected. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "BID",
        "id": "93151"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6308",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93151",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6308",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "BID",
        "id": "93151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "id": "VAR-201609-0351",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T11:14:00.515000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.1.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html"
      },
      {
        "title": "Excessive allocation of memory in dtls1_preprocess_fragment()",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
      },
      {
        "title": "Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64375"
      },
      {
        "title": "Red Hat: CVE-2016-6308",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6308"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6308 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/93151"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6308"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6308"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378203"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "BID",
        "id": "93151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "db": "BID",
        "id": "93151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "date": "2016-09-23T00:00:00",
        "db": "BID",
        "id": "93151"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-26T19:59:05.033000",
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6308"
      },
      {
        "date": "2017-05-02T02:06:00",
        "db": "BID",
        "id": "93151"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      },
      {
        "date": "2023-11-07T02:33:57.450000",
        "db": "NVD",
        "id": "CVE-2016-6308"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  DTLS Implementation of  statem/statem_dtls.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004994"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-597"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1416
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

Background

OpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols.

Affected packages

-------------------------------------------------------------------
 Package           /   Vulnerable   /                   Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 0.9.8e-r3 >= 0.9.8e-r3

Description

Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.

Impact

A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"

References

[ 1 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 2 ] CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 [ 3 ] CVE-2007-5135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/

Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771 Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01 Last Updated: 2007-08-01

Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could by exploited remotely resulting in the execution of arbitrary code or a Denial of Service (DoS).

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

PRODUCT SPECIFIC INFORMATION

HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRrIKieAfOvwtKn1ZEQJUJACfakfLP0u32ySuj4KuXa+P2KgKODEAoIag 4otTq1h8U9Q2sa0noibOymby =jOXf -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1416",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. \n\nBackground\n==========\n\nOpenSSL is an implementation of the Secure Socket Layer and Transport\nLayer Security protocols. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /   Vulnerable   /                   Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8e-r3                    \u003e= 0.9.8e-r3\n\nDescription\n===========\n\nMoritz Jodeit reported an off-by-one error in the\nSSL_get_shared_ciphers() function, resulting from an incomplete fix of\nCVE-2006-3738. A flaw has also been reported in the\nBN_from_montgomery() function in crypto/bn/bn_mont.c when performing\nMontgomery multiplication. \n\nImpact\n======\n\nA remote attacker sending a specially crafted packet to an application\nrelying on OpenSSL could possibly execute arbitrary code with the\nprivileges of the user running the application. A local attacker could\nperform a side channel attack to retrieve the RSA private keys. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8e-r3\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 2 ] CVE-2007-3108\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108\n  [ 3 ] CVE-2007-5135\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200710-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. This could be used by an attacker in a denial of service\n attack. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could by exploited remotely resulting in the execution of arbitrary code or a Denial of Service (DoS). \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRrIKieAfOvwtKn1ZEQJUJACfakfLP0u32ySuj4KuXa+P2KgKODEAoIag\n4otTq1h8U9Q2sa0noibOymby\n=jOXf\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "59899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200609-1416",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-06-08T21:03:24.683000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2007-10-09T00:39:04",
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20249"
      }
    ],
    "trust": 0.3
  }
}

var-200311-0091
Vulnerability from variot

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

Vulnerabilities

  1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

  3. Exploitation of an affected application would result in a denial of service vulnerability.

  4. This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200311-0091",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security ab",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cray",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "novell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stunnel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tawie server linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "1.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "esx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.05257"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.11"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.10"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.01"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1x86"
      },
      {
        "model": "one directory server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.1"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat high availability",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.1"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.8.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.6.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.8"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.7"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ipsec express toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.4"
      },
      {
        "model": "gpl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "1.0"
      },
      {
        "model": "express beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "2.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.2.1"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.5"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.1"
      },
      {
        "model": "nsure audit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.1"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "5.1"
      },
      {
        "model": "netmail e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.1"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0.2"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "ichain server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "groupwise webaccess sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "groupwise internet agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5.1"
      },
      {
        "model": "groupwise sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "8.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "rational rose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2000"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.28"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.26"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.19"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.2"
      },
      {
        "model": "hp-ux aaa server a.06.01.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "wbem services for hp-ux a.01.05.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "isman",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "firepass",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.3"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.1"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.3"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.0.1"
      },
      {
        "model": "open software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cray",
        "version": "3.4"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sn storage router sn5428-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2.5.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure policy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "520"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "515"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "ciscoworks hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software next generation fp3 hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "3.0"
      },
      {
        "model": "firewall server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "borderware",
        "version": "7.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "solaris 8 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one web server sp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp14",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 upgrade standard",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 upgrade platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.2"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.9"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4.1"
      },
      {
        "model": "os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.5"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.3"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.2"
      },
      {
        "model": "netmail f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "imanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.5"
      },
      {
        "model": "edirectory su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "hp-ux aaa server a.06.01.02.04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem services for hp-ux a.01.05.07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0545",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0545",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2003-0545",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0545",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#104280",
            "trust": 0.8,
            "value": "11.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#732952",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#686224",
            "trust": 0.8,
            "value": "1.50"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#935264",
            "trust": 0.8,
            "value": "21.52"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#380864",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#255484",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200311-033",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations.  The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages.  This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      }
    ],
    "trust": 6.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#935264",
        "trust": 3.5
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "8732",
        "trust": 2.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3900",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "22249",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "13315",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "CA-2003-26",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:2590",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:292",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-394",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "31738",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "id": "VAR-200311-0091",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-29T21:30:21.532000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "HPSBUX00290",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-290"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
      },
      {
        "title": "HPSBUX00288",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
      },
      {
        "title": "HPSBUX00290",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
      },
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "secadv_20030930",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://support.oracle.co.jp/open/owa/external_krown.search_doc?c_document_id=70482"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-292.html"
      },
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.8,
        "url": "http://www.ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 4.5,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
      },
      {
        "trust": 4.0,
        "url": "http://wp.netscape.com/eng/ssl3/"
      },
      {
        "trust": 4.0,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 3.9,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "trust": 3.2,
        "url": "http://www.ietf.org/html.charters/pkix-charter.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/935264"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/8732"
      },
      {
        "trust": 1.9,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-394"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22249"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/686224"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/732952"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3900"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2590"
      },
      {
        "trust": 0.9,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/pkcs/"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0545"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/13315"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0545"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/104280"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3900"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2590"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/swupdates/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/esx/esx2-openssh.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/products/firewall.php"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/gsx_security.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
      },
      {
        "trust": 0.3,
        "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
      },
      {
        "trust": 0.3,
        "url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3040.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-331.php"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/security-alerts/"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3041.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/476/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/477/"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/patches/linux/security.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-08.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/255484"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/380864"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/343055"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "date": "2003-09-30T16:10:22",
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "date": "2003-11-17T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2016-07-06T14:32:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000287"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      },
      {
        "date": "2018-05-03T01:29:00",
        "db": "NVD",
        "id": "CVE-2003-0545"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in SSL/TLS implementations",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-033"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0137
Vulnerability from variot

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. The following are vulnerable: OpenSSL 0.9.8 prior to 0.9.8za OpenSSL 1.0.0 prior to 1.0.0m OpenSSL 1.0.1 prior to 1.0.1h. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications.

We apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.21

After a standard system update you need to reboot your computer to make all the necessary changes.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 857d06ddc6423ad124b23eb760459033 mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm d7436f2f95df5c1d64d44a745f125bd8 mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm 67f6cd6da42f01fb2f6054a2f96872af mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm 5d7c5712c1ce70a2dd2596e803bc7004 mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm 9866e03e1c112b0c4cb5587b142cfa63 mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm 9ac714afa9a9b30419f2f1f5c9ec4e48 mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTlcuxmqjQ0CJFipgRAtEQAJsEeYwuETVPTeadp+pdK9wJfQqgOgCfXDif 30xyBHFmHJa6MS/00iqN2aY= =9sdw -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04355095

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04355095 Version: 1

HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-08-08 Last Updated: 2014-08-08

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware

References:

CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.

Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749

HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.

Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793

Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.

HP Insight Control server deployment users with v7.2.2:

Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.

HP Insight Control server deployment users with v7.3.1:

Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f

Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server

Related security bulletins:

For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210

For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897

HISTORY Version:1 (rev.1) - 8 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5 MoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go =r0qe -----END PGP SIGNATURE----- .

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . Summary

VMware product updates address OpenSSL security vulnerabilities.

  1. Problem Description

a. 

  OpenSSL libraries have been updated in multiple products to
  versions 0.9.8za and 1.0.1h in order to resolve multiple security
  issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)

  has assigned the names CVE-2014-0224, CVE-2014-0198, 
  CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
  these issues. The most important of these issues is 
  CVE-2014-0224.

  CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
  be of moderate severity. Exploitation is highly unlikely or is
  mitigated due to the application configuration.

  CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL 
  Security Advisory (see Reference section below), do not affect
  any VMware products. For readability
  the affected products have been split into 3 tables below, 
  based on the different client-server configurations and
  deployment scenarios. Applying these patches to 
  affected servers will mitigate the affected clients (See Table 1
  below).

  Clients that communicate over untrusted networks such as public
  Wi-Fi and communicate to a server running a vulnerable version of 
  OpenSSL 1.0.1. can be mitigated by using a secure network such as 
  VPN (see Table 2 below).

  Clients and servers that are deployed on an isolated network are
  less exposed to CVE-2014-0224 (see Table 3 below). The affected
  products are typically deployed to communicate over the
  management network.

  RECOMMENDATIONS

  VMware recommends customers evaluate and deploy patches for
  affected Servers in Table 1 below as these patches become
  available. Patching these servers will remove the ability to
  exploit the vulnerability described in CVE-2014-0224 on both
  clients and servers. VMware recommends customers consider 
  applying patches to products listed in Table 2 & 3 as required.

  Column 4 of the following tables lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  ESXi                            5.5       ESXi     ESXi550-
                                                     201406401-SG

  Big Data Extensions             1.1                patch pending 
  Charge Back Manager             2.6                patch pending

  Horizon Workspace Server 
  GATEWAY                         1.8.1              patch pending 
  Horizon Workspace Server 
  GATEWAY                         1.5                patch pending

  Horizon Workspace Server 
  DATA                            1.8.1              patch pending

  Horizon Mirage Edge Gateway     4.4.2              patch pending 
  Horizon View                    5.3.1              patch pending

  Horizon View Feature Pack       5.3 SP2            patch pending

  NSX for Multi-Hypervisor        4.1.2              patch pending 
  NSX for Multi-Hypervisor        4.0.3              patch pending 
  NSX for vSphere                 6.0.4              patch pending 
  NVP                             3.2.2              patch pending 
  vCAC                            6.0.1              patch pending

  vCloud Networking and Security  5.5.2          patch pending 
  vCloud Networking and Security  5.1.2          patch pending

  vFabric Web Server              5.3.4              patch pending

  vCHS - DPS-Data Protection      2.0                patch pending 
  Service

  Table 2
  ========
  Affected clients running a vulnerable version of OpenSSL 0.9.8 
  or 1.0.1 and communicating over an untrusted network.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  vCSA                            5.5                patch pending 
  vCSA                            5.1                patch pending 
  vCSA                            5.0                patch pending


  ESXi                            5.1       ESXi     patch pending 
  ESXi                            5.0       ESXi     patch pending

  Workstation                     10.0.2    any      patch pending 
  Workstation                     9.0.3     any      patch pending 
  Fusion                          6.x       OSX      patch pending 
  Fusion                          5.x       OSX      patch pending 
  Player                          10.0.2    any      patch pending 
  Player                          9.0.3     any      patch pending

  Chargeback Manager              2.5.x              patch pending

  Horizon Workspace Client for    1.8.1    OSX       patch pending 
  Mac
  Horizon Workspace Client for    1.5      OSX       patch pending 
  Mac
  Horizon Workspace Client for    1.8.1    Windows   patch pending 
  Windows       
  Horizon Workspace Client for    1.5      Windows   patch pending

  OVF Tool                        3.5.1              patch pending 
  OVF Tool                        3.0.1              patch pending

  vCenter Operations Manager      5.8.1              patch pending

  vCenter Support Assistant       5.5.0              patch pending 
  vCenter Support Assistant       5.5.1              patch pending

  vCD                             5.1.2              patch pending    
  vCD                             5.1.3              patch pending 
  vCD                             5.5.1.1            patch pending 
  vCenter Site Recovery Manager   5.0.3.1            patch pending

  Table 3
  =======
  The following table lists all affected clients running a
  vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
  over an untrusted network.

  VMware                          Product  Running   Replace with/
  Product                         Version  on        Apply Patch 
  ==============                  =======  =======   =============
  vCenter Server                  5.5       any      patch pending
  vCenter Server                  5.1       any      patch pending
  vCenter Server                  5.0       any      patch pending

  Update Manager                  5.5       Windows  patch pending
  Update Manager                  5.1       Windows  patch pending
  Update Manager                  5.0       Windows  patch pending

  Config Manager (VCM)            5.6                patch pending

  Horizon View Client             5.3.1              patch pending 
  Horizon View Client             4.x                patch pending
  Horizon Workspace               1.8.1              patch pending 
  Horizon Workspace               1.5                patch pending


  ITBM Standard                   1.0.1              patch pending 
  ITBM Standard                   1.0                patch pending

  Studio                          2.6.0.0            patch pending

  Usage Meter                     3.3                patch pending 
  vCenter Chargeback Manager      2.6                patch pending 
  vCenter Converter Standalone    5.5                patch pending 
  vCenter Converter Standalone    5.1                patch pending 
  vCD (VCHS)                      5.6.2              patch pending

  vCenter Site Recovery Manager   5.5.1              patch pending 
  vCenter Site Recovery Manager   5.1.1              patch pending

  vFabric Application Director    5.2.0              patch pending 
  vFabric Application Director    5.0.0              patch pending 
  View Client                     5.3.1              patch pending 
  View Client                     4.x                patch pending
  VIX API                         5.5                patch pending 
  VIX API                         1.12               patch pending

  vMA (Management Assistant)      5.1.0.1            patch pending


  VMware Data Recovery            2.0.3              patch pending

  VMware vSphere CLI              5.5                patch pending

  vSphere Replication             5.5.1              patch pending 
  vSphere Replication             5.6                patch pending 
  vSphere SDK for Perl            5.5                patch pending 
  vSphere Storage Appliance       5.5.1              patch pending 
  vSphere Storage Appliance       5.1.3              patch pending 
  vSphere Support Assistant       5.5.1              patch pending 
  vSphere Support Assistant       5.5.0              patch pending
  vSphere Virtual Disk            5.5                patch pending 
  Development Kit                  
  vSphere Virtual Disk            5.1                patch pending 
  Development Kit
  vSphere Virtual Disk            5.0                patch pending 
  Development Kit
  1. Solution

ESXi 5.5

Download: https://www.vmware.com/patchmgr/download.portal

Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

https://www.openssl.org/news/secadv_20140605.txt

  1. Change Log

2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved. The updates are available from the following location using ftp:

ftp://srt03046:Secure12@ftp.usa.hp.com

User name: srt03046 Password: Secure12 ( NOTE: Case sensitive)

HP-UX Release HP-UX OpenSSL version

B.11.11 (11i v1) A.00.09.08za.001_HP-UX_B.11.11_32+64.depot

B.11.23 (11i v2) A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08za or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant. OpenSSL Security Advisory [05 Jun 2014]

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client and server. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)

A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

Anonymous ECDH denial of service (CVE-2014-3470)

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional details over time.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:

Red Hat Storage Server 2.1 - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

  1. Package List:

Red Hat Storage Server 2.1:

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0137",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0 (ibm pureapplication system and  xen)"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0 (vmware)"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 10.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 10.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "standard/advanced edition 11.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "standard/advanced edition 11.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "patient hub 9.7"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 9.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "provider hub 9.7"
      },
      {
        "model": "sdk,",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for node.js 1.1.0.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3 fp1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.1 for ibm provided software virtual appliance"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.3 fp1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "4.1.1 (linux-ix86 and  linux-s390)"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.4.0 fp07"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.5.0 fp04"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.5.1 fp05"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 8.6.0 fp03"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 9.1.0 fp01"
      },
      {
        "model": "tivoli workload scheduler",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "distributed 9.2.0 ga level"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.2"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.3"
      },
      {
        "model": "tivoli composite application manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for transactions 7.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1h"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9 to  10.9.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.0"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "3.2.24"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.0.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.1.34"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.2.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.3.14"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "l20/300",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "lto6 drive",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "lx/30a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.7,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2.6"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios b0537",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.9"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2.3"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "safe profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.3"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "key",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.7"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.6"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "11.00"
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.20"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.4"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "freedome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "fortios b0630",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "BID",
        "id": "67900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "versionStartIncluding": "0.9.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "J\u00fcri Aedla",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-0195",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0195",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0195",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets.  The issue lies in the assumption that all fragments specify the same message size.  An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. \nThe following are vulnerable:\nOpenSSL 0.9.8 prior to 0.9.8za\nOpenSSL 1.0.0 prior to 1.0.0m\nOpenSSL 1.0.1 prior to 1.0.1h. One of the patch backports for\nUbuntu 10.04 LTS caused a regression for certain applications. \n\nWe apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.21\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The updated packages have been upgraded to the 1.0.0m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://www.openssl.org/news/secadv_20140605.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 857d06ddc6423ad124b23eb760459033  mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm\n d7436f2f95df5c1d64d44a745f125bd8  mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm\n 67f6cd6da42f01fb2f6054a2f96872af  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm\n 5d7c5712c1ce70a2dd2596e803bc7004  mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm\n 9866e03e1c112b0c4cb5587b142cfa63  mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm \n 9ac714afa9a9b30419f2f1f5c9ec4e48  mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTlcuxmqjQ0CJFipgRAtEQAJsEeYwuETVPTeadp+pdK9wJfQqgOgCfXDif\n30xyBHFmHJa6MS/00iqN2aY=\n=9sdw\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04355095\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04355095\nVersion: 1\n\nHPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows\nrunning OpenSSL, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5\nMoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go\n=r0qe\n-----END PGP SIGNATURE-----\n. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n   VMware product updates address OpenSSL security vulnerabilities. \n\n2. Problem Description\n\n   a. \n\n      OpenSSL libraries have been updated in multiple products to\n      versions 0.9.8za and 1.0.1h in order to resolve multiple security\n      issues. \n \n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n      has assigned the names CVE-2014-0224, CVE-2014-0198, \n      CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n      these issues. The most important of these issues is \n      CVE-2014-0224. \n\n      CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n      be of moderate severity. Exploitation is highly unlikely or is\n      mitigated due to the application configuration. \n\n      CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n      Security Advisory (see Reference section below), do not affect\n      any VMware products. For readability\n      the affected products have been split into 3 tables below, \n      based on the different client-server configurations and\n      deployment scenarios. Applying these patches to \n      affected servers will mitigate the affected clients (See Table 1\n      below). \n\n      Clients that communicate over untrusted networks such as public\n      Wi-Fi and communicate to a server running a vulnerable version of \n      OpenSSL 1.0.1. can be mitigated by using a secure network such as \n      VPN (see Table 2 below). \n      \n      Clients and servers that are deployed on an isolated network are\n      less exposed to CVE-2014-0224 (see Table 3 below). The affected\n      products are typically deployed to communicate over the\n      management network. \n\n      RECOMMENDATIONS\n\n      VMware recommends customers evaluate and deploy patches for\n      affected Servers in Table 1 below as these patches become\n      available. Patching these servers will remove the ability to\n      exploit the vulnerability described in CVE-2014-0224 on both\n      clients and servers. VMware recommends customers consider \n      applying patches to products listed in Table 2 \u0026 3 as required. \n\n      Column 4 of the following tables lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      ESXi                            5.5       ESXi     ESXi550-\n                                                         201406401-SG \n\n      Big Data Extensions             1.1                patch pending \n      Charge Back Manager             2.6                patch pending \n\n      Horizon Workspace Server \n      GATEWAY                         1.8.1              patch pending \n      Horizon Workspace Server \n      GATEWAY                         1.5                patch pending \n\n      Horizon Workspace Server \n      DATA                            1.8.1              patch pending \n\n      Horizon Mirage Edge Gateway     4.4.2              patch pending \n      Horizon View                    5.3.1              patch pending \n\n      Horizon View Feature Pack       5.3 SP2            patch pending \n\n      NSX for Multi-Hypervisor        4.1.2              patch pending \n      NSX for Multi-Hypervisor        4.0.3              patch pending \n      NSX for vSphere                 6.0.4              patch pending \n      NVP                             3.2.2              patch pending \n      vCAC                            6.0.1              patch pending \n\n      vCloud Networking and Security  5.5.2 \t\t patch pending \n      vCloud Networking and Security  5.1.2 \t\t patch pending \n\n      vFabric Web Server              5.3.4              patch pending \n\n      vCHS - DPS-Data Protection      2.0                patch pending \n      Service\n\n      Table 2\n      ========\n      Affected clients running a vulnerable version of OpenSSL 0.9.8 \n      or 1.0.1 and communicating over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCSA                            5.5                patch pending \n      vCSA                            5.1                patch pending \n      vCSA                            5.0                patch pending \n\n\n      ESXi                            5.1       ESXi     patch pending \n      ESXi                            5.0       ESXi     patch pending  \n\n      Workstation                     10.0.2    any      patch pending \n      Workstation                     9.0.3     any      patch pending \n      Fusion                          6.x       OSX      patch pending \n      Fusion                          5.x       OSX      patch pending \n      Player                          10.0.2    any      patch pending \n      Player                          9.0.3     any      patch pending \n\n      Chargeback Manager              2.5.x              patch pending \n\n      Horizon Workspace Client for    1.8.1    OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.5      OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.8.1    Windows   patch pending \n      Windows       \n      Horizon Workspace Client for    1.5      Windows   patch pending \n\n      OVF Tool                        3.5.1              patch pending \n      OVF Tool                        3.0.1              patch pending \n\n      vCenter Operations Manager      5.8.1              patch pending \n\n      vCenter Support Assistant       5.5.0              patch pending \n      vCenter Support Assistant       5.5.1              patch pending \n      \n      vCD                             5.1.2              patch pending    \n      vCD                             5.1.3              patch pending \n      vCD                             5.5.1.1            patch pending \n      vCenter Site Recovery Manager   5.0.3.1            patch pending \n\n      Table 3\n      =======\n      The following table lists all affected clients running a\n      vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n      over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCenter Server                  5.5       any      patch pending\n      vCenter Server                  5.1       any      patch pending\n      vCenter Server                  5.0       any      patch pending\n\n      Update Manager                  5.5       Windows  patch pending\n      Update Manager                  5.1       Windows  patch pending\n      Update Manager                  5.0       Windows  patch pending \n\n      Config Manager (VCM)            5.6                patch pending \n\n      Horizon View Client             5.3.1              patch pending \n      Horizon View Client             4.x                patch pending\n      Horizon Workspace               1.8.1              patch pending \n      Horizon Workspace               1.5                patch pending     \n \n   \n      ITBM Standard                   1.0.1              patch pending \n      ITBM Standard                   1.0                patch pending \n   \n      Studio                          2.6.0.0            patch pending \n    \n      Usage Meter                     3.3                patch pending \n      vCenter Chargeback Manager      2.6                patch pending \n      vCenter Converter Standalone    5.5                patch pending \n      vCenter Converter Standalone    5.1                patch pending \n      vCD (VCHS)                      5.6.2              patch pending \n      \n      vCenter Site Recovery Manager   5.5.1              patch pending \n      vCenter Site Recovery Manager   5.1.1              patch pending\n\n      vFabric Application Director    5.2.0              patch pending \n      vFabric Application Director    5.0.0              patch pending \n      View Client                     5.3.1              patch pending \n      View Client                     4.x                patch pending\n      VIX API                         5.5                patch pending \n      VIX API                         1.12               patch pending \n      \n      vMA (Management Assistant)      5.1.0.1            patch pending     \n  \n\n      VMware Data Recovery            2.0.3              patch pending \n     \n      VMware vSphere CLI              5.5                patch pending \n     \n      vSphere Replication             5.5.1              patch pending \n      vSphere Replication             5.6                patch pending \n      vSphere SDK for Perl            5.5                patch pending \n      vSphere Storage Appliance       5.5.1              patch pending \n      vSphere Storage Appliance       5.1.3              patch pending \n      vSphere Support Assistant       5.5.1              patch pending \n      vSphere Support Assistant       5.5.0              patch pending\n      vSphere Virtual Disk            5.5                patch pending \n      Development Kit                  \n      vSphere Virtual Disk            5.1                patch pending \n      Development Kit\n      vSphere Virtual Disk            5.0                patch pending \n      Development Kit\n \n   4. Solution\n\n   ESXi 5.5\n   ----------------------------\n\n   Download:\n   https://www.vmware.com/patchmgr/download.portal\n\n   Release Notes and Remediation Instructions:\n   http://kb.vmware.com/kb/2077359\n\n   5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n   \n   https://www.openssl.org/news/secadv_20140605.txt\n\n- -----------------------------------------------------------------------\n\n6. Change Log\n\n   2014-06-10 VMSA-2014-0006\n   Initial security advisory in conjunction with the release of\n   ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. The\nupdates are available from the following location using ftp:\n\nftp://srt03046:Secure12@ftp.usa.hp.com\n\nUser name: srt03046\nPassword: Secure12 ( NOTE: Case sensitive)\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08za.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08za or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue.  This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue.  This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nSSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)\n=================================================================\n\nA flaw in the do_ssl3_write function can allow remote attackers to\ncause a denial of service via a NULL pointer dereference.  This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue.  This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger.  This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "BID",
        "id": "67900"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "PACKETSTORM",
        "id": "127917"
      },
      {
        "db": "PACKETSTORM",
        "id": "127018"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0195",
        "trust": 3.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-173",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "67900",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59305",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59587",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59429",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59040",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58660",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59530",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59188",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58883",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59223",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59895",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59528",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030337",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU93868849",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2304",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127917",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127018",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127807",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127630",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126930",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "BID",
        "id": "67900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "PACKETSTORM",
        "id": "127917"
      },
      {
        "db": "PACKETSTORM",
        "id": "127018"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "id": "VAR-201406-0137",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.40652013894736844
  },
  "last_update_date": "2024-07-23T21:11:52.075000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DTLS invalid fragment vulnerability (CVE-2014-0195)",
        "trust": 1.5,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6443?viewlocale=ja_jp"
      },
      {
        "title": "KB36051",
        "trust": 0.8,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "title": "cisco-sa-20140605-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://fedoraproject.org/ja/"
      },
      {
        "title": "Multiple Vulnerabilities in OpenSSL",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "title": "HIRT-PUB14010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html"
      },
      {
        "title": "HPSBHF03293 SSRT101846",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04595951"
      },
      {
        "title": "Once Bled, Twice Shy (OpenSSL: CVE-2014-0195)",
        "trust": 0.8,
        "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/once-bled-twice-shy-openssl-cve-2014-0195/ba-p/6501048#.u5ulr1scgdu"
      },
      {
        "title": "ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do",
        "trust": 0.8,
        "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/zdi-14-173-cve-2014-0195-openssl-dtls-fragment-out-of-bounds/ba-p/6501002#.u5ulsvscgdu"
      },
      {
        "title": "1673137",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "title": "1676035",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "title": "1676062",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "title": "1676419",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "title": "1677695",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "title": "1677828",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "title": "1676128",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "title": "1678167",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "title": "00001841",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "title": "1678289",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "title": "00001843",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "title": "2079783",
        "trust": 0.8,
        "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2079783"
      },
      {
        "title": "SB10075",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "title": "Fix for CVE-2014-0195",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2014",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
      },
      {
        "title": "Bug 1103598",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
      },
      {
        "title": "SA80",
        "trust": 0.8,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "title": "Huawei-SA-20140613-OpenSSL",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "title": "SOL15356: OpenSSL vulnerability CVE-2014-0195",
        "trust": 0.8,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
      },
      {
        "title": "January 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
      },
      {
        "title": "CVE-2014-0195 Buffer Errors vulnerability in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors"
      },
      {
        "title": "VMSA-2014-0012",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html"
      },
      {
        "title": "cisco-sa-20140605-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122700_cisco-sa-20140605-openssl-j.html"
      },
      {
        "title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/07/25/how_long_is_too_long_to_wait_for_a_security_update/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/06/06/thanks_for_nothing_openssl_cries_stonewalled_de_raadt/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/06/05/openssl_bug_batch/"
      },
      {
        "title": "Red Hat: CVE-2014-0195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0195"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "CVE-2014-0195",
        "trust": 0.1,
        "url": "https://github.com/ricedu/cve-2014-0195 "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/securityrouter/changelog "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/halon/changelog "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/potterxma/linux-deployment-standard "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/sf4bin/seeker_dataset "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.4,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.4,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.4,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.4,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 1.4,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 1.4,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
      },
      {
        "trust": 1.4,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.1,
        "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/once-bled-twice-shy-openssl-cve-2014-0195/ba-p/6501048"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
      },
      {
        "trust": 1.1,
        "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/zdi-14-173-cve-2014-0195-openssl-dtls-fragment-out-of-bounds/ba-p/6501002"
      },
      {
        "trust": 1.1,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59528"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59587"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58883"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59895"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59530"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58743"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030337"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/67900"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 1.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 1.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59429"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59305"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59223"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59188"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59040"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58660"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93868849/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0195"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://www.cerberusftp.com/products/releasenotes.html"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-14-173/"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ricedu/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34546"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2232-3/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1356843"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-4"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2077359"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/patchmgr/download.portal"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/solutions/906703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/904433"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "BID",
        "id": "67900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "PACKETSTORM",
        "id": "127917"
      },
      {
        "db": "PACKETSTORM",
        "id": "127018"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "db": "BID",
        "id": "67900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "db": "PACKETSTORM",
        "id": "127917"
      },
      {
        "db": "PACKETSTORM",
        "id": "127018"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67900"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "date": "2014-08-18T23:09:13",
        "db": "PACKETSTORM",
        "id": "127917"
      },
      {
        "date": "2014-06-10T17:34:04",
        "db": "PACKETSTORM",
        "id": "127018"
      },
      {
        "date": "2014-08-08T21:53:16",
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "date": "2014-07-28T20:36:25",
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "date": "2014-06-11T23:18:46",
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "date": "2014-06-13T13:31:32",
        "db": "PACKETSTORM",
        "id": "127086"
      },
      {
        "date": "2014-06-05T21:13:52",
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "date": "2014-06-05T15:19:35",
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "date": "2014-06-05T21:55:06.147000",
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-173"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0195"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "67900"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      },
      {
        "date": "2023-11-07T02:18:11.613000",
        "db": "NVD",
        "id": "CVE-2014-0195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "67900"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  d1_both.c of  dtls1_reassemble_fragment Vulnerability in arbitrary code execution in function",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002765"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "67900"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1445
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980

  1. Summary:

Updated ESX Patches address several security issues.

  1. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

  1. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. 

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
  1. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Contact:

http://www.vmware.com/security

VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This can result in an infinite loop which consumes system memory. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. This could be used by an attacker in a denial of
 service attack. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1445",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This can result in an infinite loop which\n     consumes system memory. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      }
    ],
    "trust": 5.31
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1445",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-05-20T22:28:41.668000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0182
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. A local attacker could perform a side channel attack to retrieve the RSA private keys. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project

Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers()

Category: contrib Module: openssl Announced: 2007-10-03 Credits: Moritz Jodeit Affects: All FreeBSD releases. Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.

III.

IV. Workaround

No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

2) To patch your present system:

The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/secure/lib/libssl

make obj && make depend && make && make install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch Revision Path

RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2

VII. ASN.1 Denial of Service Attack (1/2)

 During the parsing of certain invalid ASN.1 structures an error
 condition is mishandled. This can result in an infinite loop which
 consumes system memory. The Common Vulnerabilities and Exposures
 (CVE) project assigned the id CVE-2006-2937 [2] to the problem. ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. This could be used by an attacker in a denial of
 service attack. The Common Vulnerabilities and Exposures (CVE)
 project assigned the id CVE-2006-2940 [3] to the problem. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. The
 Common Vulnerabilities and Exposures (CVE) project assigned the id
 CVE-2006-3780 [4] to the problem. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered. The
 Common Vulnerabilities and Exposures (CVE) project assigned the id
 CVE-2006-4343 [5] to the problem.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code. Additionally Dr. Stephen N.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. (CVE-2006-4343)

Updated packages are patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0182",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "wizpy",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy taviso@gentoo.org Will Drewry wad@google.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-3738",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-536",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. A flaw has also been reported in the\nBN_from_montgomery() function in crypto/bn/bn_mont.c when performing\nMontgomery multiplication. A local attacker could\nperform a side channel attack to retrieve the RSA private keys. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-07:08.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Buffer overflow in OpenSSL SSL_get_shared_ciphers()\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2007-10-03\nCredits:        Moritz Jodeit\nAffects:        All FreeBSD releases. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found\nto be incorrectly fixed. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. This can result in an infinite loop which\n     consumes system memory. The Common Vulnerabilities and Exposures\n     (CVE) project assigned the id CVE-2006-2937 [2] to the problem. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. The Common Vulnerabilities and Exposures (CVE)\n     project assigned the id CVE-2006-2940 [3] to the problem. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-3780 [4] to the problem. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-4343 [5] to the problem. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. Additionally Dr. Stephen N. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      }
    ],
    "trust": 5.85
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 3.9
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "TA07-017A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "59899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59797",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200110-0182",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-05-17T22:30:40.314000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "TLSA-2007-52",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2007/tlsa-2007-52.txt"
      },
      {
        "title": "Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "TLSA-2007-52",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2007/tlsa-2007-52j.txt"
      },
      {
        "title": "vu386964-547300",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu386964-547300.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-017a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-017a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3738"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.2,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.2,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "date": "2007-10-09T00:39:04",
        "db": "PACKETSTORM",
        "id": "59899"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2007-10-05T05:29:31",
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000594"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.6
  }
}

var-201501-0436
Vulnerability from variot

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04604357

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04604357 Version: 1

HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-03-19 Last Updated: 2015-03-19

Potential Security Impact: Remote disclosure of information, unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:

The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access.

References:

CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 SSRT101987

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. CVE-2014-3572 and CVE-2015-0204

HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version

10.0 HP IceWall Federation Agent Version 3.0

CVE-2014-3570 and CVE-2014-8275

HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends the following software updates and workaround instructions to resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3. 

   Documents are available at the following location with instructions to

switch to the OS bundled OpenSSL library:

   http://www.hp.com/jp/icewall_patchaccess

2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,

and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please download the updated OpenSSL at the following location:

   http://www.hp.com/jp/icewall_patchaccess

3. For HP IceWall products running on RHEL and are using the OS bundled

OpenSSL, RHEL has provided patch or mitigation instructions at the following location:

   https://access.redhat.com/articles/1369543

   Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch

for OpenSSL from the following location:

      https://access.redhat.com/security/cve/CVE-2014-8275

4. For IceWall products running on HP-UX which are using the OS bundled

OpenSSL, please apply the HP-UX OpenSSL update from the following location:

    https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ

ctNumber=OPENSSL11I

WORKAROUND INSTRUCTIONS

HP recommends the following information to protect against potential risk from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products. 

HP IceWall SSO Dfw and MCRP

  - If possible, do not use the SHOST setting which allows IceWall SSO

Dfw or MCRP to use SSL/TLS protocol to back-end web servers. 

  - If possible, do not use EXPORT-grade ciphers on the back-end web

servers. 

HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch

release 2)

  - If possible, do not use the LDAPSSL setting which allows IceWall SSO

Certd to connect to the LDAP server using SSL/TLS protocol. 

  - If possible, do not use EXPORT-grade ciphers on the LDAP server.

IceWall Federation Agent

  - If possible, use "bindings:HTTP-POST" instead of

"bindings:HTTP-Artifact" setting in the service provider meta file. The "bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating with IdP server.

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 19 March 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.

The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. OpenSSL Security Advisory [08 Jan 2015] =======================================

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

Severity: Moderate

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

Severity: Moderate

A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.

This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.

no-ssl3 configuration sets method to NULL (CVE-2014-3569)

Severity: Low

When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.

ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

Severity: Low

An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

Severity: Low

An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

DH client certificates accepted without verification [Server] (CVE-2015-0205)

Severity: Low

An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

Certificate fingerprints can be modified (CVE-2014-8275)

Severity: Low

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.

This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.

Bignum squaring may produce incorrect results (CVE-2014-3570)

Severity: Low

Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:

) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.

[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0436",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.1"
      },
      {
        "model": "sparc enterprise m3000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "sparc enterprise m5000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "sparc enterprise m9000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.2"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2260"
      },
      {
        "model": "sparc enterprise m4000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.4"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.3"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1120"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(fujitsu m10-1/m10-4/m10-4s server )"
      },
      {
        "model": "sparc enterprise m8000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.00"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205635"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.80"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "power systems e870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.50"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355042540"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.70"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.21"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.4"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.7"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355041980"
      },
      {
        "model": "power systems 350.c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "power system s814",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.40"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.12"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.e0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.21"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.12"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "power systems 350.e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.00"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079450"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems 350.a0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.6"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.11"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.00"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.22"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205577"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571451.43"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365042550"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571910"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.16"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.81"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.00"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 12.3r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571480"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.50"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073800"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.60"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "power systems 350.b0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system idataplex dx360 m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63910"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.5"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power ese",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571460"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.00"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.11"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571470"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.10"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "power system s824l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365041990"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.80"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.30"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power 795",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.51"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571430"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73210"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.21"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.10.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power system s822l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571450"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504667"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.10"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205587"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63800"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.60"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.41"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.20"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.32"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.15"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079460"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079440"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571920"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079470"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571490"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.80"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.51"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "power system s824",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "power systems e880",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.10"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.61"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.20"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.90"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.02"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.50"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.20"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "power system s812l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.01"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73230"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363073770"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.10"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.20"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.01"
      },
      {
        "model": "power systems 350.d0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.40"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "74.90"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.40"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "junos os 12.3x48-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054540"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.01"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "550"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350078390"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504965"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.70"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.31"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-3572",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3572",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3572",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3572",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04604357\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04604357\nVersion: 1\n\nHPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent\nrunning OpenSSL, Remote Disclosure of Information, Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-19\nLast Updated: 2015-03-19\n\nPotential Security Impact: Remote disclosure of information, unauthorized\naccess\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall SSO\nDfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:\n\nThe SSL vulnerability known as \"FREAK\", which could be exploited remotely to\nallow disclosure of information. \nOther vulnerabilities which could be exploited remotely resulting in\nunauthorized access. \n\nReferences:\n\nCVE-2014-3570\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nSSRT101987\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n  CVE-2014-3572 and CVE-2015-0204\n\n    HP IceWall MCRP Version 2.1 and 3.0\n    HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0\n    HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version\n10.0\n    HP IceWall Federation Agent Version 3.0\n\n  CVE-2014-3570 and CVE-2014-8275\n\n    HP IceWall MCRP v2.1, v3.0\n    HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n    HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-0204    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\n  HP recommends the following software updates and workaround instructions to\nresolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and\nFederation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please switch to\nthe OpenSSL library bundled with the OS, and then follow the instructions in\nstep 3. \n\n       Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n       http://www.hp.com/jp/icewall_patchaccess\n\n    2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,\nand SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please\ndownload the updated OpenSSL at the following location:\n\n       http://www.hp.com/jp/icewall_patchaccess\n\n    3. For HP IceWall products running on RHEL and are using the OS bundled\nOpenSSL, RHEL has provided patch or mitigation instructions at the following\nlocation:\n\n       https://access.redhat.com/articles/1369543\n\n       Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch\nfor OpenSSL from the following location:\n\n          https://access.redhat.com/security/cve/CVE-2014-8275\n\n    4. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update from the following location:\n\n        https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ\nctNumber=OPENSSL11I\n\nWORKAROUND INSTRUCTIONS\n\n  HP recommends the following information to protect against potential risk\nfrom CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products. \n\n    HP IceWall SSO Dfw and MCRP\n\n      - If possible, do not use the SHOST setting which allows IceWall SSO\nDfw or MCRP to use SSL/TLS protocol to back-end web servers. \n\n      - If possible, do not use EXPORT-grade ciphers on the back-end web\nservers. \n\n    HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch\nrelease 2)\n\n      - If possible, do not use the LDAPSSL setting which allows IceWall SSO\nCertd to connect to the LDAP server using SSL/TLS protocol. \n\n      - If possible, do not use EXPORT-grade ciphers on the LDAP server. \n\n    IceWall Federation Agent\n\n      - If possible, use \"bindings:HTTP-POST\" instead of\n\"bindings:HTTP-Artifact\" setting in the service provider meta file. The\n\"bindings:HTTP-POST\" setting would disable IWFA to use SSL for communicating\nwith IdP server. \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 19 March 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154  mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e  mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c  mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2  mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32  mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0066-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date:        2015-01-20\nUpdated on:        2015-01-21\nCVE Names:         CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n                   CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n                   CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "BID",
        "id": "71942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "129867"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3572",
        "trust": 3.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "71942",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3572",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130985",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129867",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130051",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "BID",
        "id": "71942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "129867"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "id": "VAR-201501-0436",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.36198661599999993
  },
  "last_update_date": "2024-07-23T21:40:45.003000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "ECDH downgrade bug fix.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us"
      },
      {
        "title": "HPSBGN03299",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3572",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3572"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "JPN_RIC13351-2",
        "trust": 0.1,
        "url": "https://github.com/neominds/jpn_ric13351-2 "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71942"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanv8#announce1"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanxd"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3572"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1369543"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?produ"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "BID",
        "id": "71942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "129867"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "db": "BID",
        "id": "71942"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "129867"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71942"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "date": "2015-08-26T01:33:18",
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "date": "2015-03-24T17:03:36",
        "db": "PACKETSTORM",
        "id": "130985"
      },
      {
        "date": "2015-08-26T01:33:07",
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-01-09T17:43:35",
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-01-09T02:01:10",
        "db": "PACKETSTORM",
        "id": "129867"
      },
      {
        "date": "2015-01-22T01:35:41",
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "date": "2015-01-09T02:59:02.320000",
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3572"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71942"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      },
      {
        "date": "2017-11-15T02:29:05.313000",
        "db": "NVD",
        "id": "CVE-2014-3572"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "71942"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  s3_clnt.c Inside  ssl3_get_key_exchange In function  ECDHE-to-ECDH Vulnerabilities that are subject to downgrade attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007553"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "71942"
      }
    ],
    "trust": 0.3
  }
}

var-201408-0092
Vulnerability from variot

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Alternatively, you may reboot your system.

For the testing distribution (jessie), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04426586 Version: 1

HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-09-12 Last Updated: 2014-09-12

Potential Security Impact: Remote Denial of Service (DoS), disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.

References:

CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)

SSRT101686

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL. 

HP SSL Version 1.4-493 for OpenVMS is available from the following

location:

    http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

HISTORY Version:1 (rev.1) - 12 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3510)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: openssl-1.0.1e-16.el6_5.15.src.rpm

i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.4.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:

The References section of this erratum contains a download link (you must log in to download the update). OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0092",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7110"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7530061.121.225.06100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2407863"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35007383"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78450"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72250"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2207906"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x7101"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78350"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "72200"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57350"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7556061.121.225.06100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855072.060.134.32804"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x33007382"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x7110"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78300"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75300"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7955"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408738"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5875072.060.134.32804"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75450"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301072.180.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75560"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "enterprise linux load balancer eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58750"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35507914"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x6500"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "89000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2202585"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75250"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7525061.121.225.06100"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835072.010.134.32804"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2227916"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8804259"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x37508752"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700072.161.134.32804"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36307158"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5745061.132.224.35203"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830072.010.134.32804"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93020"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "bladecenter advanced management module 3.66g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6500"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58550"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900072.161.134.32804"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408737"
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302072.180.134.32804"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3655072.060.134.32804"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57550"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x32502583"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93030"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5755061.132.224.35203"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge clients for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "8.4-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225072.030.134.32804"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x31002582"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge clients for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "58450"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845072.060.134.32804"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.16"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5740061.132.224.35203"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57450"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "87000"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "system m4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x35307160"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7110"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6500"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7535061.121.225.06100"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "66550"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "78550"
      },
      {
        "model": "idatplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "57400"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x2408956"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "93010"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0.6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x8807903"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36305466"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845072.040.134.32804"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7545061.121.225.06100"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "flex system compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x4407917"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v8400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system m4 hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x36505460"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x7080"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7970072.200.134.32804"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "75350"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220072.030.134.32804"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "colorqube r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303072.180.134.32804"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0.5"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "workcentre",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5735061.132.224.35203"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855072.040.134.32804"
      },
      {
        "model": "workcentre r14-11 spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655072.060.134.32804"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69082"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Felix Gr\u0026amp;amp;ouml;bert",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-3510",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3510",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3510",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-130",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3510",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3505    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3506    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3507    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3510    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n    HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n        http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2014:1052-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date:        2014-08-13\nCVE Names:         CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n                   CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n                   CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9  mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa  mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e  mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e  mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb  mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      },
      {
        "db": "BID",
        "id": "69082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3510",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "69082",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "61250",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60938",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60684",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59743",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60778",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61045",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60824",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58962",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3510",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128248",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127869",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128297",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "BID",
        "id": "69082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "id": "VAR-201408-0092",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44374704200000004
  },
  "last_update_date": "2024-07-22T22:08:01.982000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0n",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695"
      },
      {
        "title": "openssl-0.9.8zb",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694"
      },
      {
        "title": "openssl-1.0.1i",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.4,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69082"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60824"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60938"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61250"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61045"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60778"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60684"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59743"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/58962"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.1,
        "url": "http://linux.oracle.com/errata/elsa-2014-1052.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=17160033765480453be0a41335fa6b833691c049"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182969"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182784"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2308-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "BID",
        "id": "69082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "db": "BID",
        "id": "69082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69082"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-08-08T21:50:05",
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "date": "2014-09-15T17:53:34",
        "db": "PACKETSTORM",
        "id": "128248"
      },
      {
        "date": "2014-08-14T02:24:57",
        "db": "PACKETSTORM",
        "id": "127861"
      },
      {
        "date": "2014-08-14T22:49:56",
        "db": "PACKETSTORM",
        "id": "127869"
      },
      {
        "date": "2014-09-25T00:05:16",
        "db": "PACKETSTORM",
        "id": "128387"
      },
      {
        "date": "2014-08-08T21:48:03",
        "db": "PACKETSTORM",
        "id": "127799"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2014-08-08T21:44:17",
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "date": "2014-09-17T20:46:27",
        "db": "PACKETSTORM",
        "id": "128297"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "date": "2014-08-13T23:55:07.577000",
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3510"
      },
      {
        "date": "2016-07-26T23:01:00",
        "db": "BID",
        "id": "69082"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      },
      {
        "date": "2023-11-07T02:20:10.593000",
        "db": "NVD",
        "id": "CVE-2014-3510"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-130"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69082"
      }
    ],
    "trust": 0.3
  }
}

var-201810-0933
Vulnerability from variot

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.

For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Low: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2019:3700-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3700 Issue date: 2019-11-05 CVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

The following packages have been upgraded to a later upstream version: openssl (1.1.1c).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1668880 - ec man page lists -modulus but the tool doesn't support it 1686058 - specifying digest for signing time-stamping responses is mandatory 1686548 - Incorrect handling of fragmented KeyUpdate messages 1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces 1697915 - Race/segmentation fault on process shutdown in OpenSSL 1706104 - openssl asn1parse crashes with double free or corruption (!prev) 1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random 1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default 1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level

  1. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: openssl-1.1.1c-2.el8.src.rpm

aarch64: openssl-1.1.1c-2.el8.aarch64.rpm openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-debugsource-1.1.1c-2.el8.aarch64.rpm openssl-devel-1.1.1c-2.el8.aarch64.rpm openssl-libs-1.1.1c-2.el8.aarch64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-perl-1.1.1c-2.el8.aarch64.rpm

ppc64le: openssl-1.1.1c-2.el8.ppc64le.rpm openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm openssl-devel-1.1.1c-2.el8.ppc64le.rpm openssl-libs-1.1.1c-2.el8.ppc64le.rpm openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-perl-1.1.1c-2.el8.ppc64le.rpm

s390x: openssl-1.1.1c-2.el8.s390x.rpm openssl-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-debugsource-1.1.1c-2.el8.s390x.rpm openssl-devel-1.1.1c-2.el8.s390x.rpm openssl-libs-1.1.1c-2.el8.s390x.rpm openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-perl-1.1.1c-2.el8.s390x.rpm

x86_64: openssl-1.1.1c-2.el8.x86_64.rpm openssl-debuginfo-1.1.1c-2.el8.i686.rpm openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-debugsource-1.1.1c-2.el8.i686.rpm openssl-debugsource-1.1.1c-2.el8.x86_64.rpm openssl-devel-1.1.1c-2.el8.i686.rpm openssl-devel-1.1.1c-2.el8.x86_64.rpm openssl-libs-1.1.1c-2.el8.i686.rpm openssl-libs-1.1.1c-2.el8.x86_64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-perl-1.1.1c-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2018-0735 https://access.redhat.com/security/cve/CVE-2019-1543 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm eqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3 jXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/ thxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs 89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz hVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i WnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B MXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL uGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02 mPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY pdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F 82vSbeKouJA= =mdzd -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018

openssl, openssl1.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2018-0734)

Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". (CVE-2018-5407)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1

Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27

After a standard system update you need to reboot your computer to make all the necessary changes.

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.1 or 1.1.0 at this time. The fix is also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28 (for 1.1.0) in the OpenSSL git repository.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20181029.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0933",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0i"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.13"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.42"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "cn1610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.2.24"
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "11.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "11.3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "*"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "snapdrive",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.24"
      },
      {
        "model": "steelstore",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "model": "oncommand unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.4"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "cn1610",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "cloud backup",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "santricity smi-s provider",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": null,
        "trust": 0.8,
        "vendor": "node js",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0 to  1.1.0i"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "project openssl 1.1.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.0i",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
                "cpe_name": [],
                "versionStartIncluding": "9.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.24",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.13",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.42",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.24",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samuel Weiser.",
    "sources": [
      {
        "db": "BID",
        "id": "105750"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0735",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-0735",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-118937",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-0735",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0735",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1395",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118937",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-0735",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). OpenSSL is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: openssl security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:3700-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3700\nIssue date:        2019-11-05\nCVE Names:         CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nThe following packages have been upgraded to a later upstream version:\nopenssl (1.1.1c). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1668880 - ec man page lists -modulus but the tool doesn\u0027t support it\n1686058 - specifying digest for signing time-stamping responses is mandatory\n1686548 - Incorrect handling of fragmented KeyUpdate messages\n1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces\n1697915 - Race/segmentation fault on process shutdown in OpenSSL\n1706104 - openssl asn1parse crashes with double free or corruption (!prev)\n1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random\n1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default\n1714245 - DSA ciphers in TLS don\u0027t work with SHA-1 signatures even in LEGACY level\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssl-1.1.1c-2.el8.src.rpm\n\naarch64:\nopenssl-1.1.1c-2.el8.aarch64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-debugsource-1.1.1c-2.el8.aarch64.rpm\nopenssl-devel-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-perl-1.1.1c-2.el8.aarch64.rpm\n\nppc64le:\nopenssl-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debugsource-1.1.1c-2.el8.ppc64le.rpm\nopenssl-devel-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-perl-1.1.1c-2.el8.ppc64le.rpm\n\ns390x:\nopenssl-1.1.1c-2.el8.s390x.rpm\nopenssl-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-debugsource-1.1.1c-2.el8.s390x.rpm\nopenssl-devel-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-perl-1.1.1c-2.el8.s390x.rpm\n\nx86_64:\nopenssl-1.1.1c-2.el8.x86_64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-debugsource-1.1.1c-2.el8.i686.rpm\nopenssl-debugsource-1.1.1c-2.el8.x86_64.rpm\nopenssl-devel-1.1.1c-2.el8.i686.rpm\nopenssl-devel-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-1.1.1c-2.el8.i686.rpm\nopenssl-libs-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-perl-1.1.1c-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2018-0735\nhttps://access.redhat.com/security/cve/CVE-2019-1543\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm\neqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3\njXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/\nthxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs\n89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz\nhVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i\nWnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B\nMXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL\nuGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02\nmPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY\npdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F\n82vSbeKouJA=\n=mdzd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3840-1\nDecember 06, 2018\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as \"PortSmash\". (CVE-2018-5407)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  libssl1.0.0                     1.0.2n-1ubuntu6.1\n  libssl1.1                       1.1.1-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n  libssl1.0.0                     1.0.2n-1ubuntu5.2\n  libssl1.1                       1.1.0g-2ubuntu4.3\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.14\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.1 or 1.1.0 at this time. The fix\nis also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28\n(for 1.1.0) in the OpenSSL git repository. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181029.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "BID",
        "id": "105750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169669"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0735",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105750",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1041986",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0514",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1119",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0473",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0529",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3390.4",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118937",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150683",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169669",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "BID",
        "id": "105750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169669"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "id": "VAR-201810-0933",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:05:15.691000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1586-1] openssl security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
      },
      {
        "title": "DSA-4348",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2018/dsa-4348"
      },
      {
        "title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)(56fb454)",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
      },
      {
        "title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)(b1d6d55)",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
      },
      {
        "title": "NTAP-20181105-0002",
        "trust": 0.8,
        "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
      },
      {
        "title": "November 2018 Security Releases",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
      },
      {
        "title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20181029.txt"
      },
      {
        "title": "USN-3840-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3840-1/"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86394"
      },
      {
        "title": "Red Hat: Low: openssl security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193700 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1"
      },
      {
        "title": "Red Hat: CVE-2018-0735",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-0735"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-0735"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-6"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-5] openssl: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-5"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=11a896cf16b3849254ae662b7748b708"
      },
      {
        "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d04b79d120c8d1de061ffc3f57258fcb"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-0735 "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-320",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/105750"
      },
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv/20181029.txt"
      },
      {
        "trust": 2.0,
        "url": "https://access.redhat.com/errata/rhsa-2019:3700"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3840-1/"
      },
      {
        "trust": 1.8,
        "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2018/dsa-4348"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041986"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=56fb454d281a023b3f950d969693553d3f3ceea1"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0735"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
      },
      {
        "trust": 0.6,
        "url": "https://support.symantec.com/us/en/article.symsa1490.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876540"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0529/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10869830"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10792231"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1143442"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78342"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1169932"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75618"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75802"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-0735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59068"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0735"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3840-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "BID",
        "id": "105750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169669"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "db": "BID",
        "id": "105750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "db": "PACKETSTORM",
        "id": "169669"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "BID",
        "id": "105750"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "date": "2018-12-03T21:06:37",
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "date": "2019-11-06T15:56:37",
        "db": "PACKETSTORM",
        "id": "155160"
      },
      {
        "date": "2018-12-07T01:03:36",
        "db": "PACKETSTORM",
        "id": "150683"
      },
      {
        "date": "2018-10-29T12:12:12",
        "db": "PACKETSTORM",
        "id": "169669"
      },
      {
        "date": "2018-10-29T13:29:00.263000",
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118937"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0735"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "BID",
        "id": "105750"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      },
      {
        "date": "2023-11-07T02:51:05.350000",
        "db": "NVD",
        "id": "CVE-2018-0735"
      },
      {
        "date": "2020-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL ECDSA Vulnerabilities related to key management errors in signature algorithms",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014030"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1395"
      }
    ],
    "trust": 0.6
  }
}

var-200609-1252
Vulnerability from variot

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980

  1. Summary:

Updated ESX Patches address several security issues.

  1. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

  1. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings. Python applications
using this function can open a security vulnerability that could
allow the execution of arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
  1. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Contact:

http://www.vmware.com/security

VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771 Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01 Last Updated: 2007-08-01

Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows.

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

PRODUCT SPECIFIC INFORMATION

HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "jre 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 011",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 010",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 010",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 013",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 014",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jre 1.4.2 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk b 005",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 008",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 015",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 012",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 014",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 006",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jdk 002",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 008",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "jdk 004",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "sdk 013",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jdk b 007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "jre 012",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "jre 005",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.9"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "5.2.2"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ffi global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "java web proxy server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.6"
      },
      {
        "model": "2-stable-20061018",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "jre b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "4,0 beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser 1win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "jdk 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "6.2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.51"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "java system web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.6"
      },
      {
        "model": "thunderbird",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.6"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.2"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.54"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.51"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.1"
      },
      {
        "model": "java system web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "www-client/opera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "9.0.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.10"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.4"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.02"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1.1"
      },
      {
        "model": "jre 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.1"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "reflection ftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "12.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ffi global fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.1"
      },
      {
        "model": "jsse 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "java system web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "java web proxy server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "jre 009",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.52"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "jre b 005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "jsse 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "international cryptographic infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "risk analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.54"
      },
      {
        "model": "software opera web browser beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "83"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.53"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.3"
      },
      {
        "model": "openoffice",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "java system application server 2004q2 r1standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.5"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "data direct odbc/ole-db drivers for ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "communications security tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "global fix lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.01"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.4"
      },
      {
        "model": "virtualvault a.04.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2.1"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.1"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.5"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.2"
      },
      {
        "model": "software opera web browser j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.50"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.06"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "ecda",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "sdk 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "java web proxy server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "3.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "software opera web browser beta build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.2012981"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.2"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "sdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.53"
      },
      {
        "model": "reflection sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.1"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "current pre20010701",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "jdk b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "corp banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "java system application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "tomboy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.9"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.10"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.5"
      },
      {
        "model": "java system application server 2004q2 r1enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "seamonkey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.1"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "9.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.4"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser .6win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "data integration suite di",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "1.0"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0"
      },
      {
        "model": "rtds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "3.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "java web proxy server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "java system application server platform edition q1 ur1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "data auditing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.5.2"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.1"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0.2"
      },
      {
        "model": "stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "java system web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "java enterprise system 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "reflection sftp client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "java system application server platform edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "iq extended enterpirse edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "java system application server standard 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "sdk 07a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "interactive response",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.1"
      },
      {
        "model": "software opera web browser mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "6.1"
      },
      {
        "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.1"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "communications security ssh tectia k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.8"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "software opera web browser b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.0"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "java system application server standard 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "9.01"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "java system application server 2004q2 r2 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "current august",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "232006"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 05a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "sdk 007",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.2"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.3"
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.11"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.0"
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "java system application server 2004q2 r3 enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java enterprise system 2003q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "java system application server 2004q2 r3 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "jre beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.10"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "java system application server 2004q2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.5"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "11.5"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.02"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "java system application server enterprise 2004q2 r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "unwired accelerator and enterprise portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "8.0"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.5"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "jdk 12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "mach desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "secure global desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.0.2"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "2.1.4"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "7.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "java system application server standard platform q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.52"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3)4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "webproxy a.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.4.2"
      },
      {
        "model": "java system application server enterprise 2004q2 r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0.0"
      },
      {
        "model": "java system web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java system web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2"
      },
      {
        "model": "jdk 099",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "jre 006",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "powerbuilder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "10.2.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "webproxy a.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "virtualvault a.04.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "e-biz impact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4.5"
      },
      {
        "model": "java system application server enterprise edition q1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8.12005"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3-1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "ffi uofx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.50"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "java web proxy server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "13.0.5"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "seamonkey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.0.6"
      },
      {
        "model": "ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5.2"
      },
      {
        "model": "unwired orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.0"
      },
      {
        "model": "systems weblogic express for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.4"
      },
      {
        "model": "jsse 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "e1.0-solid",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "netscape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "7.2"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "ffi bptw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "java web proxy server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "java system application server 2004q2 r2 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "communications security ssh tectia j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3.2"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "virtualvault a.04.60",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "afaria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.3"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "10.0"
      },
      {
        "model": "java enterprise system 2005q4",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "hat fedora core5",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "one web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "communications security ssh tectia manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "jre 004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "rfid enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "8.1"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.37"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.0"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2"
      },
      {
        "model": "communications security ssh tectia connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1"
      },
      {
        "model": "thunderbird",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.8"
      },
      {
        "model": "ffi cons banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "java enterprise system 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "securefx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "4.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "java system web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "software opera web browser 3win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "2.0.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "software opera web browser 2win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "8.01"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "appeon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.8"
      },
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.0.7"
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "bpi for healthcare",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.2.1"
      },
      {
        "model": "java web proxy server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "sdk .0 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.1.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.12"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "systems weblogic express for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.3"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "mfolio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "2.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "communications security ssh tectia server for ibm z/os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.11"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "jdk 003",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "communications security ssh tectia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "software opera web browser win32 beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.02"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "systems weblogic express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "openoffice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openoffice",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.6"
      },
      {
        "model": "firefox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "1.5.8"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "jsse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.0.3"
      },
      {
        "model": "current pre20010805",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "software opera web browser win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "java web proxy server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "5.0"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "eii avaki sdf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "legion of the bouncy castle java cryptography api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "the",
        "version": "1.38"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "software opera web browser linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "6.0.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "java system web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "java web proxy server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.6"
      },
      {
        "model": "solaris update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "95"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "solonde etl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "4.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "12.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "vshell",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "systems weblogic express sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "easerver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sybase",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "communications security ssh tectia server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "4.4.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Bleichenbacher reported this issue to the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. \nAll versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4343) The get_server_hello function in the SSLv2 client\n    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n    earlier versions allows remote servers to cause a denial of service\n    (client crash) via unknown vectors that trigger a null pointer\n    dereference. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. Python applications\n    using this function can open a security vulnerability that could\n    allow the execution of arbitrary code. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "19849",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "25399",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22936",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23841",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21785",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22325",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21870",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22044",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22934",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22689",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22036",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22509",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21927",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22939",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "28115",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22446",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22733",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22938",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21852",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22932",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21873",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22711",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22066",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38567",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22937",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "38568",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21776",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22523",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25649",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21982",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21767",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21906",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22232",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22513",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21846",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22949",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21823",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22940",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22226",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21778",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23455",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22948",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21812",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22585",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22545",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24099",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4224",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3793",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4586",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4216",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-5146",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3899",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4205",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3730",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4206",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1945",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4744",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0366",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0254",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3453",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4207",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3748",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3566",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1815",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2163",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016791",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000079",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "28549",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVN51615542",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#594904",
        "trust": 0.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "id": "VAR-200609-1252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-03-16T20:18:27.377000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 1.6,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 1.3,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=3117"
      },
      {
        "trust": 1.3,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-188.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.attachmate.com/techdocs/2137.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.openssl.org/news/secadv_20060905.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.openoffice.org/security/cves/cve-2006-4339.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.bluecoat.com/support/knowledge/openssl_rsa_signature_forgery.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/845620"
      },
      {
        "trust": 1.3,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/41/3143224_f.sal_public.html"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1"
      },
      {
        "trust": 1.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.sybase.com/detail?id=1047991"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://dev2dev.bea.com/pub/advisory/238"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01070495"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://jvn.jp/en/jp/jvn51615542/index.html"
      },
      {
        "trust": 1.0,
        "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000079.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21709"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21767"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21776"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21778"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21785"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21812"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21823"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21846"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21852"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21870"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21873"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21906"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21927"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/21982"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22036"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22044"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22066"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22226"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22232"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22325"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22446"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22509"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22513"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22523"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22545"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22585"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22689"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22711"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22733"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22932"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22934"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22936"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22937"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22938"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22939"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22940"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22948"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22949"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23455"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23841"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24099"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25399"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25649"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/28115"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38567"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/38568"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60799"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:19.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-05.xml"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200609-18.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016791"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.566955"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.605306"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2127.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2128.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/40ak-2006-04-fr-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1174"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:161"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:207"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_61_opera.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openbsd.org/errata.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.018.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.029-bind.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.opera.com/support/search/supsearch.dml?index=845"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/28549"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2007-0073.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445231/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/445822/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/450327/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/19849"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-339-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.us.debian.org/security/2006/dsa-1173"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3453"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3566"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3730"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3793"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3899"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4205"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4206"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4207"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4216"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4366"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4586"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4744"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/5146"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0254"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1815"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1945"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2163"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4224"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2010/0366"
      },
      {
        "trust": 1.0,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-616"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11656"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.6,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1\u0026searchclause="
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-196.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-224.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-246.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cdc.informatik.tu-darmstadt.de/securebrowser/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2006-023.txt.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-451.php"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0735.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0661.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0675.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0676.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0677.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0733.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2006-0734.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/44ak-2006-04-en-1.1_ssl360_openssl_rsa.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www1.vandyke.com/support/advisory/2007/01/845620.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2006"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446038"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2007-091.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-250.htm"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051708.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2007-0062.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2007-0072.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/594904"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-05T00:00:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-09-05T17:04:00",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2015-03-19T08:19:00",
        "db": "BID",
        "id": "19849"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2018-10-17T21:35:10.617000",
        "db": "NVD",
        "id": "CVE-2006-4339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      },
      {
        "db": "BID",
        "id": "22083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "19849"
      }
    ],
    "trust": 0.3
  }
}

var-201201-0169
Vulnerability from variot

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03360041 Version: 1

HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-06-26 Last Updated: 2012-06-26

Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HISTORY Version:1 (rev.1) 26 June 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g

Description

Multiple vulnerabilities have been found in OpenSSL:

  • Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
  • An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"

References

[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).

All users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.

Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools

Details:

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2

Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2

Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8

Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15

After a standard system update you need to reboot your computer to make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- . Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.

Double-free in Policy Checks (CVE-2011-4109)

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.

This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS. This could include sensitive contents of previously freed memory.

However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.

Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.

Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".

Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.

Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.

Invalid GOST parameters DoS Attack (CVE-2012-0027)

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.

Only users of the OpenSSL GOST ENGINE are affected by this bug.

Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8r",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0e",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4108",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4108",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4108",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201201-057",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4108",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2012-2012    (AV:N/AC:L/Au:N/C:C/I:C/A:P)       9.7\nCVE-2012-2013    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2012-2014    (AV:N/AC:M/Au:S/C:N/I:N/A:N)       6.8\nCVE-2012-2015    (AV:N/AC:M/Au:S/C:P/I:N/A:N)       6.5\nCVE-2012-2016    (AV:L/AC:M/Au:S/C:C/I:N/A:N)       4.4\nCVE-2011-1944    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3\nCVE-2011-2821    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-2834    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2011-3379    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-3607    (AV:L/AC:M/Au:N/C:P/I:P/A:P)       4.4\nCVE-2011-4078    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4153    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4317    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2011-4415    (AV:L/AC:H/Au:N/C:N/I:N/A:P)       1.2\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4885    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0021    (AV:N/AC:H/Au:N/C:N/I:N/A:P)       2.6\nCVE-2012-0027    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0031    (AV:L/AC:L/Au:N/C:P/I:P/A:P)       4.6\nCVE-2012-0036    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-0053    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2012-0057    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\nCVE-2012-0830    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-1165    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-1823    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: March 06, 2012\n     Bugs: #397695, #399365\n       ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0g                 *\u003e= 0.9.8t\n                                                            \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n  in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n  vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles). \n\nAll users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2012:0059-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date:        2012-01-24\nCVE Names:         CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n                   CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  libssl1.0.0                     1.0.0e-2ubuntu4.2\n  openssl                         1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n  libssl0.9.8                     0.9.8o-5ubuntu1.2\n  openssl                         0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n  libssl0.9.8                     0.9.8o-1ubuntu4.6\n  openssl                         0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.8\n  openssl                         0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n  libssl0.9.8                     0.9.8g-4ubuntu3.15\n  openssl                         0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nInvalid GOST parameters DoS Attack (CVE-2012-0027)\n===================================================\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4108",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "57260",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "48528",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4108",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110482",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116825",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169679",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "id": "VAR-201201-0169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4440100783333334
  },
  "last_update_date": "2024-06-17T11:44:02.037000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0f",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348"
      },
      {
        "title": "openssl-0.9.8s",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369"
      },
      {
        "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2012-038",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 1.4,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.2,
        "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48528"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2390"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57260"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://security.paloaltonetworks.com/cve-2011-4108"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html"
      },
      {
        "trust": 0.3,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1357-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1357-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.isg.rhul.ac.uk)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-09-01T00:00:25",
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "date": "2012-09-25T00:15:41",
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-03-06T23:57:33",
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "date": "2012-09-25T00:15:29",
        "db": "PACKETSTORM",
        "id": "116825"
      },
      {
        "date": "2012-01-24T23:58:58",
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "date": "2012-02-10T07:44:13",
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "date": "2012-01-17T01:20:23",
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "date": "2012-01-04T12:12:12",
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "date": "2012-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "date": "2012-01-06T01:55:00.783000",
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4108"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      },
      {
        "date": "2016-08-23T02:04:34.680000",
        "db": "NVD",
        "id": "CVE-2011-4108"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109053"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-057"
      }
    ],
    "trust": 0.6
  }
}

var-201412-0519
Vulnerability from variot

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.

CVE-2014-3571

Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw
to mount a denial of service attack.

CVE-2014-3572

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL client would accept a handshake using an ephemeral ECDH
ciphersuite if the server key exchange message is omitted.

CVE-2015-0204

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that
an OpenSSL client will accept the use of an ephemeral RSA key in a
non-export RSA key exchange ciphersuite, violating the TLS
standard.

CVE-2015-0206

Chris Mueller discovered a memory leak in the dtls1_buffer_record
function.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019 Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX /uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ =kie8 -----END PGP SIGNATURE----- .

References:

CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:

ftp://sl098ze:Secure12@h2.usa.hp.com

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

HP-UX Release HP-UX OpenSSL depot name

B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot

B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08ze or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0519",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "integrated lights out manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sun system firmware) 8.7.2.b"
      },
      {
        "model": "integrated lights out manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sun system firmware) 9.4.2e"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.2"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.3"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.2"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.3"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "openflow agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 12.3r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize 6.4storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500v3700"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos os 12.3x48-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2014-3569",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3569",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3569",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3569",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \n\nCVE-2014-3571\n\n    Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw\n    to mount a denial of service attack. \n\nCVE-2014-3572\n\n    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n    OpenSSL client would accept a handshake using an ephemeral ECDH\n    ciphersuite if the server key exchange message is omitted. \n\nCVE-2015-0204\n\n    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n    an OpenSSL client will accept the use of an ephemeral RSA key in a\n    non-export RSA key exchange ciphersuite, violating the TLS\n    standard. \n\nCVE-2015-0206\n\n    Chris Mueller discovered a memory leak in the dtls1_buffer_record\n    function. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX\n/uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ\n=kie8\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "BID",
        "id": "71934"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3569",
        "trust": 3.2
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "71934",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3569",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129880",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130545",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "BID",
        "id": "71934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "id": "VAR-201412-0519",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.396927715
  },
  "last_update_date": "2024-07-23T19:45:35.004000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "#3571: Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled",
        "trust": 1.6,
        "url": "http://rt.openssl.org/ticket/display.html?id=3571\u0026user=guest\u0026pass=guest"
      },
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "HPSBMU03397",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "title": "HPSBMU03409",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "title": "HPSBMU03413",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "title": "HPSBOV03318",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "title": "HPSBUX03162",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "title": "HPSBMU03380",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853"
      },
      {
        "title": "HPSBMU03396",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "commit 392fa7a",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
      },
      {
        "title": "commit b829247",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
      },
      {
        "title": "no-ssl3 configuration sets method to NULL (CVE-2014-3569)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "commit 6ce9687",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "CVE-2014-3569",
        "trust": 0.8,
        "url": "https://security-tracker.debian.org/tracker/cve-2014-3569"
      },
      {
        "title": "CVE-2014-3569",
        "trust": 0.8,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "Red Hat: CVE-2014-3569",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3569"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71934"
      },
      {
        "trust": 1.1,
        "url": "https://security-tracker.debian.org/tracker/cve-2014-3569"
      },
      {
        "trust": 1.1,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html"
      },
      {
        "trust": 1.1,
        "url": "http://rt.openssl.org/ticket/display.html?id=3571\u0026user=guest\u0026pass=guest"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=b82924741b4bd590da890619be671f4635e46c2b"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3569"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903784"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902374"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "BID",
        "id": "71934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "db": "BID",
        "id": "71934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "date": "2014-10-17T00:00:00",
        "db": "BID",
        "id": "71934"
      },
      {
        "date": "2014-12-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-08-26T01:33:18",
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "date": "2015-01-12T17:17:37",
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2015-08-26T01:33:07",
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-02-26T17:13:09",
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "date": "2014-12-24T11:59:00.057000",
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3569"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71934"
      },
      {
        "date": "2016-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      },
      {
        "date": "2023-11-07T02:20:13.593000",
        "db": "NVD",
        "id": "CVE-2014-3569"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "71934"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  s23_srvr.c of  ssl23_get_client_hello Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007389"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "71934"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1205
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . ASN.1 Denial of Service Attack (2/2)

 Certain types of public key can take disproportionate amounts of
 time to process. SSL_get_shared_ciphers() Buffer Overflow

 A buffer overflow was discovered in the SSL_get_shared_ciphers()
 utility function. An attacker could send a list of ciphers to an
 application that uses this function and overrun a buffer. SSLv2 Client Crash

 A flaw in the SSLv2 client code was discovered.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1205",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      }
    ],
    "trust": 5.13
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1205",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-16T02:33:25.492000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.4,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-201501-0434
Vulnerability from variot

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:

Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec

apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523

ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero

Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller

CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli

CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld

Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team

Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142

LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple

libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298

OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy

OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204

Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple

PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120

QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein

SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team

Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple

Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146

UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple

WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative

Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658

OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571]

A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206]

When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569] This does not affect FreeBSD's default build.

An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572]

An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204]

An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205]

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275]

Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570]

III. Impact

An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2014-3571]

An attacker who can send repeated DTLS records with the same sequence number but for the next epoch can exhaust the server's memory and result in a Denial of Service. [CVE-2015-0206]

A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]

A server could present a weak temporary key and downgrade the security of the session. [CVE-2015-0204]

A client could authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]

By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.

This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.0]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD)

iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0849-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html Issue date: 2015-04-16 CVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 =====================================================================

  1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226)

A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277)

It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2015-0204)

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)

It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586)

The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat.

This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References.

All users of Red Hat JBoss Enterprise Application Platform 6.3 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):

1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=appplatform&version=6.4 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.

References:

CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101934

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS: All versions prior to 1.4-502.

HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:

- HP SSL for OpenVMS website:

  http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

- HP Support Center website:

  https://h20566.www2.hp.com/portal/site/hpsc/patch/home

  Note: Login using your HP Passport account.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0434",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.1"
      },
      {
        "model": "sparc enterprise m3000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.3"
      },
      {
        "model": "ip38x/fw120",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rev.11.03.08 before"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "sparc enterprise m5000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "tuning manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "software"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "sparc enterprise m9000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.2"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2260"
      },
      {
        "model": "sparc enterprise m4000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.0"
      },
      {
        "model": "ip38x/sr100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "ip38x/3000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "ip38x/58i",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "ip38x/1200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "ip38x/3500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.4"
      },
      {
        "model": "ip38x/n500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.3"
      },
      {
        "model": "ip38x/1210",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1120"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(fujitsu m10-1/m10-4/m10-4s server )"
      },
      {
        "model": "sparc enterprise m8000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "device manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "software"
      },
      {
        "model": "ip38x/810",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rev.11.01.21 before"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.00"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205635"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.80"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems e870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.50"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355042540"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "netezza platform software 7.0.4.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "17.0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.70"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.21"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "netezza platform software 7.0.2.16-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.4"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355041980"
      },
      {
        "model": "power systems 350.c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "power system s814",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.40"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.12"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.e0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "sparc enterprise m5000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.21"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "power systems 350.e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.0.2.15-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.00"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079450"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems 350.a0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.00"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.22"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205577"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571451.43"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365042550"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571910"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.16"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.81"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.00"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 12.3r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571480"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.50"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073800"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.60"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "netezza platform software 7.1.0.4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "power systems 350.b0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system idataplex dx360 m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63910"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "sparc enterprise m4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power ese",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571460"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.00"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.11"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.7"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571470"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.0.4.8-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "power system s824l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365041990"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.80"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.30"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10g vfsm for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power 795",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.51"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571430"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73210"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.21"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.10.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power system s822l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571450"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504667"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.10"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205587"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63800"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.60"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.41"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.20"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.32"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.15"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079460"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.8"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079440"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571920"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079470"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571490"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "1:10g switch for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.80"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.51"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "power system s824",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "sparc enterprise m3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "power systems e880",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.10"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.12"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.61"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.20"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.90"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.02"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.50"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.20"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "power system s812l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.01"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73230"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363073770"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.10"
      },
      {
        "model": "flex system interconnect fabric",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "netezza platform software 7.1.0.5-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.20"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.6"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.01"
      },
      {
        "model": "power systems 350.d0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.40"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "74.90"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.40"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "junos os 12.3x48-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054540"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "sparc enterprise m8000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.01"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "550"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350078390"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.2.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504965"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.70"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.31"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "sparc enterprise m9000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71939"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-3570",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-3570",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3570",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-160",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3570",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A process may gain admin privileges without properly\nauthenticating\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Cookies belonging to one origin may be sent to another\norigin\nDescription:  A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Authentication credentials may be sent to a server on\nanother origin\nDescription:  A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may be able to cause a denial of service\nDescription:  An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A user may be able to execute arbitrary code with system\nprivileges\nDescription:  An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system shutdown\nDescription:  An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription:  A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause the Finder to crash\nDescription:  An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may brute force ntpd authentication keys\nDescription:  The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote unauthenticated client may be able to cause a\ndenial of service\nDescription:  Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription:  If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A user\u0027s password may be logged to a local file\nDescription:  In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-01-14\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n                2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n                2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n                2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n                2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n                2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n                2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name:       CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n                CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL\ndue to a NULL pointer dereference. [CVE-2014-3571]\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. [CVE-2015-0206]\n\nWhen OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference.  [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. \n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange message\nis omitted. [CVE-2014-3572]\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. [CVE-2015-0204]\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings.  OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-8275]\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. [CVE-2014-3570]\n\nIII. Impact\n\nAn attacker who can send a carefully crafted DTLS message can cause server\ndaemons that uses OpenSSL to crash, resulting a Denial of Service. \n[CVE-2014-3571]\n\nAn attacker who can send repeated DTLS records with the same sequence number\nbut for the next epoch can exhaust the server\u0027s memory and result in a Denial of\nService. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite.  [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. [CVE-2015-0204]\n\nA client could authenticate without the use of a private key.  This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare.  [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms.  Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected.  [CVE-2014-8275]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r276865\nreleng/8.4/                                                       r277195\nstable/9/                                                         r276865\nreleng/9.3/                                                       r277195\nstable/10/                                                        r276864\nreleng/10.0/                                                      r277195\nreleng/10.1/                                                      r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150108.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update\nAdvisory ID:       RHSA-2015:0849-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0849.html\nIssue date:        2015-04-16\nCVE Names:         CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 \n                   CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 \n                   CVE-2015-0277 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.0, and fix multiple security issues, several bugs, and add various\nenhancements, are now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nIt was found that a prior countermeasure in Apache WSS4J for\nBleichenbacher\u0027s attack on XML Encryption (CVE-2011-2487) threw an\nexception that permitted an attacker to determine the failure of the\nattempted attack, thereby leaving WSS4J vulnerable to the attack. \nThe original flaw allowed a remote attacker to recover the entire plain\ntext form of a symmetric key. (CVE-2015-0226)\n\nA flaw was found in the way PicketLink\u0027s Service Provider and Identity\nProvider handled certain requests. A remote attacker could use this flaw to\nlog to a victim\u0027s account via PicketLink. (CVE-2015-0277)\n\nIt was discovered that a JkUnmount rule for a subtree of a previous JkMount\nrule could be ignored. This could allow a remote attacker to potentially\naccess a private artifact in a tree that would otherwise not be accessible\nto them. (CVE-2015-0204)\n\nIt was found that Apache WSS4J permitted bypass of the\nrequireSignedEncryptedDataElements configuration property via XML Signature\nwrapping attacks. A remote attacker could use this flaw to modify the\ncontents of a signed request. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was found that the Command Line Interface, as provided by Red Hat\nEnterprise Application Platform, created a history file named\n.jboss-cli-history in the user\u0027s home directory with insecure default file\npermissions. This could allow a malicious local user to gain information\notherwise not accessible to them. (CVE-2014-3586)\n\nThe CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. \n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,\nlinked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 as provided\nfrom the Red Hat Customer Portal are advised to apply this update. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing\n1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher\u0027s attack (incomplete fix for CVE-2011-2487)\n1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn\u0027t correctly enforce the requireSignedEncryptedDataElements property\n1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3586\nhttps://access.redhat.com/security/cve/CVE-2014-8111\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0226\nhttps://access.redhat.com/security/cve/CVE-2015-0227\nhttps://access.redhat.com/security/cve/CVE-2015-0277\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=appplatform\u0026version=6.4\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n\nReferences:\n\n  CVE-2014-8275 Cryptographic Issues (CWE-310)\n  CVE-2014-3569 Remote Denial of Service (DoS)\n  CVE-2014-3570 Cryptographic Issues (CWE-310)\n  CVE-2014-3571 Remote Denial of Service (DoS)\n  CVE-2014-3572 Cryptographic Issues (CWE-310)\n  CVE-2015-0204 Cryptographic Issues (CWE-310)\n  SSRT101934\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n  HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n    - HP SSL for OpenVMS website:\n\n      http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n    - HP Support Center website:\n\n      https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n      Note: Login using your HP Passport account. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "BID",
        "id": "71939"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3570",
        "trust": 3.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "71939",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4252",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3570",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131359",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131408",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "BID",
        "id": "71939"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "id": "VAR-201501-0434",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.36198661599999993
  },
  "last_update_date": "2024-06-14T21:15:22.926000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "Fix for CVE-2014-3570 (with minor bn_asm.c revamp).",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
      },
      {
        "title": "HS15-031",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-031/index.html"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853"
      },
      {
        "title": "HPSBGN03299",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "Bignum squaring may produce incorrect results (CVE-2014-3570)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "RHSA-2015:0849 ",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "HS15-031",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-031/index.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "openssl-1.0.0p",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190"
      },
      {
        "title": "openssl-0.9.8zd",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189"
      },
      {
        "title": "openssl-1.0.1k.tar.gz",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3570",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3570"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
      },
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71939"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3570"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101010784"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21700028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36959"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
      },
      {
        "trust": 0.1,
        "url": "https://www.frida.re"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "http://dtorres.me)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0277"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0226"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8111"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8111"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=appplatform\u0026version=6.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0227"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "BID",
        "id": "71939"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "db": "BID",
        "id": "71939"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71939"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-04-09T16:30:50",
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "date": "2015-01-15T16:53:07",
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "date": "2015-04-17T06:44:37",
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "date": "2015-08-26T01:33:07",
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-04-14T18:54:44",
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "date": "2015-01-09T02:59:00.053000",
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3570"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71939"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      },
      {
        "date": "2017-11-15T02:29:05.220000",
        "db": "NVD",
        "id": "CVE-2014-3570"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131471"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  BN_sqr Vulnerability that breaks cryptographic protection mechanisms",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007551"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-160"
      }
    ],
    "trust": 0.6
  }
}

var-201401-0254
Vulnerability from variot

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. OpenSSL is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL versions 0.9.8y, and 1.0.0 through 1.0.1e are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239372 Version: 4

HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-04-13 Last Updated: 2014-05-13

Potential Security Impact: Remote disclosure of information, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information.

References:

CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH):

Product version/Platform Download Location

SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52

SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37

SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a

SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76

SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178

SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37

Notes

SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g

Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability.

Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset.

Frequently Asked Questions

Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents.

What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions

v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2

v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2

v7.2.1 v7.2u1

v7.3.2 v7.2.3 v7.3.2

v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2

v7.3.0 v7.3.0

v7.3.2 not supported v7.3.2

v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2

How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers.

HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-2079-1 January 09, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2013-4353)

Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. (CVE-2013-6449)

Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. (CVE-2013-6450)

This update also disables the default use of the RdRand feature of certain Intel CPUs as the sole source of entropy.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.1

Ubuntu 13.04: libssl1.0.0 1.0.1c-4ubuntu8.2

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.11

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2079-1 CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-14:03.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-01-14 Affects: FreeBSD 10.0 prior to 10.0-RC5 Corrected: 2014-01-07 20:04:41 UTC (stable/10, 10.0-PRERELEASE) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC5) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC1-p1) CVE Name: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. [CVE-2013-4353]

A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. [CVE-2013-6450]

A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. [CVE-2013-6449]

III.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch.asc

gpg --verify openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/10/ r260404 releng/10.0/ r260405

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] openssl (SSA:2014-013-02)

New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450 ( Security fix ) patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: f059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz 46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz 55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz 5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz b6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz 5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz d4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 1bb0907950c9f573899db21db15eb2b7 openssl-1.0.1f-i486-1_slack14.0.txz 677d7a6f86c4ae1ba507de9e9efba2f0 openssl-solibs-1.0.1f-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: e006bdbf032de2a5b6b6a3304e96473f openssl-1.0.1f-x86_64-1_slack14.0.txz 56958f463cc6e78451c9096a266d9085 openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz

Slackware 14.1 packages: e0c4e52c930fb32aa4ddf23079ac1e42 openssl-1.0.1f-i486-1_slack14.1.txz 3e51d8f2c1a9b763f037aa8dd51ad548 openssl-solibs-1.0.1f-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 2f18bac7c335eab1251decd15d8fce4c openssl-1.0.1f-x86_64-1_slack14.1.txz a61b7c01a06974b55a692c7359d16183 openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz

Slackware -current packages: c07a84c4dc4dd27cc0c452fb650f2b5b a/openssl-solibs-1.0.1f-i486-1.txz 454153984c2d8bb76ff631416cc3550a n/openssl-1.0.1f-i486-1.txz

Slackware x86_64 -current packages: 9bef5de5f7d04d5c4fdd5ad62801472e a/openssl-solibs-1.0.1f-x86_64-1.txz 6523e9d4befa8e1531ffd5a9377c897b n/openssl-1.0.1f-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-5.

We recommend that you upgrade your openssl packages.

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

Updated Packages:

Mandriva Business Server 1/X86_64: 0a21492e02429e199dfc88e8d502de88 mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm 13eaad31a74bb167ce0d661eb25b5ca1 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.1.mbs1.x86_64.rpm fca41114d79983a4d7600ba9a97cea3f mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm acaf2f9638cf2bafeeb3a0aebc173e85 mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.1.mbs1.x86_64.rpm 8d7142a0c95315a29de750e2e29f2174 mbs1/x86_64/openssl-1.0.0k-1.1.mbs1.x86_64.rpm 35c5ec534b80c03ae237526e75c52c18 mbs1/SRPMS/openssl-1.0.0k-1.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "cms r16 r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-21"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "flex system common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli storage productivity center fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.14"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "puppet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.2"
      },
      {
        "model": "cms r16.3 r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56009.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.11"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "systems director common agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.185"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "flex system platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560010.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.18"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.17"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.4"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.4"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.3"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "cms r17 r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.15"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.170"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "sheep fencing llc pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "electric",
        "version": "2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.10"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.21"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.23"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-20"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76009.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "smart analytics system for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10509.7"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "sheep fencing llc pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "electric",
        "version": "2.1.1"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.4"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "systems director platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.178"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.13"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.145"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57109.7"
      },
      {
        "model": "tivoli storage productivity center fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.10"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.22"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.143"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.13"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "systems director platform agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "puppet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.14"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cms r16 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "virtual i/o server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.04"
      },
      {
        "model": "smart analytics system for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20509.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6450",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-001",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. OpenSSL is prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSL versions 0.9.8y, and 1.0.0 through 1.0.1e are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04239372\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04239372\nVersion: 4\n\nHPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on\nLinux and Windows, Remote Disclosure of Information, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-13\nLast Updated: 2014-05-13\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS). Also\nincluded is the OpenSSL vulnerability known as \"Heartbleed\" which could be\nexploited remotely resulting in disclosure of information. \n\nReferences:\n\nCVE-2014-0160 (SSRT101501) Disclosure of Information - \"Heartbleed\"\nCVE-2013-4353 Denial of Service (DoS)\nCVE-2013-6449 Denial of Service (DoS)\nCVE-2013-6450 Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\nv7.3.1 for Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4353    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6449    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6450    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH):\n\nProduct version/Platform\n Download Location\n\nSMH 7.2.3 Windows x86\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n\nSMH 7.2.3 Windows x64\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n\nSMH 7.3.2.1(B) Windows x86\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n\nSMH 7.3.2.1(B) Windows x64\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n\nSMH 7.3.2 Linux x86\n http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178\n\nSMH 7.3.2 Linux x64\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n\nNotes\n\nSMH 7.2.3 recommended for customers running Windows 2003 OS\nUpdated OpenSSL to version 1.0.1g\n\nNote: If you believe your SMH installation was exploited while it was running\ncomponents vulnerable to heartbleed, there are some steps to perform after\nyouve upgraded to the non-vulnerable components. These steps include\nrevoking, recreating, and re-importing certificates and resetting passwords\nthat might have been harvested by a malicious attacker using the heartbleed\nvulnerability. \n\nImpact on VCA - VCRM communication: VCA configures VCRM by importing the SMH\ncertificate from the SMH of VCA into the SMH of VCRM. When this certificate\nis deleted \u0026 regenerated (as suggested before), it needs to be (re)imported\nif the user wants to continue with Trust by Certificate option, and the\noutdated certificate should be revoked (deleted) from each location where it\nwas previously imported. \nIf you use HPSIMs 2-way trust feature, and have imported SMH certificates\ninto HPSIM, you will also need to revoke those SMH certificated from HPSIM\nand reimport the newly created SMH certificates. \nThough SMH uses OS credentials using OS-based APIs, user provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. If you suspect your systems using SMH were exploited while they\nwere vulnerable to heartbleed, these passwords need to be reset. \n\nFrequently Asked Questions\n\nWill updated systems require a reboot after applying the SMH patch?\nNo, reboot of the system will not be required. Installing the new build is\nsufficient to get back to the normal state. \nIs a Firmware Update necessary in addition to the SMH patch?\nNo, only the SMH update is sufficient to remove the heartbleed-vulnerable\nversion of SMH. \nWill new certificates be issued along with the patch, or need to be handled\nseparately?\nIf you suspect the certificate has been compromised due to this\nvulnerability, we do recommend to delete and revoke the certificate, or SMH\nwill reuse the existing certificate. New certificate will be created when SMH\nservice starts (at the end of the fresh / upgrade installation). Instructions\non deleting the certificate are in the notes above. \nWhere can I get SMH documentation?\nAll major documents are available at:\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library\nSelect HP Insight Management under Product and Solutions \u0026 check HP System\nManagement Homepage to get SMH related documents. \n\nWhat are the recommended upgrade paths?\nSee the table below:\nSMH\n DVD\n SPP\n Recommended SMH update for Linux\n Recommended SMH update for Windows 2003 and Widows 2003 R2\n Recommended SMH update for other Windows OS versions\n\nv7.1.2\n v7.1.2\n 2012.10.0\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.0\n v7.2.0\n 2013.02.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.1\n v7.2u1\n\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.2\n v7.2u2\n 2013.09.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.3.0\n v7.3.0\n\n v7.3.2\n not supported\n v7.3.2\n\nv7.3.1\n v7.3.1\n 2014.02.0\n v7.3.2\n not supported\n v7.3.2\n\nHow can I verify whether my setup is patched successfully?\nSMH version can be verified by executing following command on:\nWindows: hp\\hpsmh\\bin\\smhlogreader version\nLinux: /opt/hp/hpsmh/bin/smhlogreader version\nWill VCA-VCRM communication be impacted due to the SMH certificate being\ndeleted?\nVCA configures VCRM by importing the SMH certificate (sslshare\\cert.pem) from\nthe SMH of VCA to the SMH of VCRM. When this certificate is deleted \u0026\nregenerated (as suggested before), it needs to be (re)imported if user wants\nto continue with Trust by Certificate option, and remove the old, previously\nimported certificate. \nShould I reset password on all managed nodes, where SMH was/is running?\nThough SMH uses OS credentials using OS based APIs, user-provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. Passwords need to be reset if you suspect the vulnerable version of\nSMH was exploited by malicious users/ hackers. \n\nHISTORY\nVersion:1 (rev.1) - 13 April 2014 Initial release\nVersion:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released\nVersion:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released\nVersion:4 (rev.4) - 13 May 2014 Added additional remediation steps for post\nupdate installation\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd\nfm4AoKM1d7+F05Xo87Bicnmh0OHidg/O\n=bK11\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-2079-1\nJanuary 09, 2014\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2013-4353)\n\nRon Barber discovered that OpenSSL used an incorrect data structure to\nobtain a version number. (CVE-2013-6449)\n\nDmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS\nretransmissions. (CVE-2013-6450)\n\nThis update also disables the default use of the RdRand feature of certain\nIntel CPUs as the sole source of entropy. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.1\n\nUbuntu 13.04:\n  libssl1.0.0                     1.0.1c-4ubuntu8.2\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.11\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2079-1\n  CVE-2013-4353, CVE-2013-6449, CVE-2013-6450\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:03.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-01-14\nAffects:        FreeBSD 10.0 prior to 10.0-RC5\nCorrected:      2014-01-07 20:04:41 UTC (stable/10, 10.0-PRERELEASE)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC5)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC4-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC3-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC2-p1)\n                2014-01-07 20:06:20 UTC (releng/10.0, 10.0-RC1-p1)\nCVE Name:       CVE-2013-4353, CVE-2013-6449, CVE-2013-6450\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA carefully crafted invalid TLS handshake could crash OpenSSL with a NULL\npointer exception. [CVE-2013-4353]\n\nA flaw in DTLS handling can cause an application using OpenSSL and DTLS to\ncrash. [CVE-2013-6450]\n\nA flaw in OpenSSL can cause an application using OpenSSL to crash when using\nTLS version 1.2. [CVE-2013-6449]\n\nIII. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:03/openssl.patch.asc\n# gpg --verify openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r260404\nreleng/10.0/                                                      r260405\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1j              *\u003e= 0.9.8z_p2\n                                                            \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  openssl (SSA:2014-013-02)\n\nNew openssl packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1f-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issues:\n    Fix for TLS record tampering bug CVE-2013-4353\n    Fix for TLS version checking bug CVE-2013-6449\n    Fix for DTLS retransmission bug CVE-2013-6450\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1f-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1f-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1f-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1f-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1f-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1f-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1f-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1f-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1f-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\nf059432e11a6b17643e7b8f1d78c5ce3  openssl-0.9.8y-i486-1_slack13.0.txz\n46c623b2e58053d308b3d9eb735be26b  openssl-solibs-0.9.8y-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n4fb6f07f85ec4ea26cc67d8b1c037fa9  openssl-0.9.8y-x86_64-1_slack13.0.txz\n55bafd74f182806b1dcd076f31683743  openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9713a64881622c63d0756ec9a5914980  openssl-0.9.8y-i486-1_slack13.1.txz\n5d8e3984389bd080bc37b9d1276c7a7d  openssl-solibs-0.9.8y-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n821c76387f3ffa388af9e5bf81185758  openssl-0.9.8y-x86_64-1_slack13.1.txz\nb6d525a53b4cda641166f19ee70a9650  openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5195be05b85f5eb2bd4bf9ebf0a73ff9  openssl-0.9.8y-i486-1_slack13.37.txz\n5248a839148fa91de52361335dc051f5  openssl-solibs-0.9.8y-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n15e13676d0def5f0dac1e7a4704e0016  openssl-0.9.8y-x86_64-1_slack13.37.txz\nd4e5bd308d2e918c6bd7616343370c49  openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n1bb0907950c9f573899db21db15eb2b7  openssl-1.0.1f-i486-1_slack14.0.txz\n677d7a6f86c4ae1ba507de9e9efba2f0  openssl-solibs-1.0.1f-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne006bdbf032de2a5b6b6a3304e96473f  openssl-1.0.1f-x86_64-1_slack14.0.txz\n56958f463cc6e78451c9096a266d9085  openssl-solibs-1.0.1f-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\ne0c4e52c930fb32aa4ddf23079ac1e42  openssl-1.0.1f-i486-1_slack14.1.txz\n3e51d8f2c1a9b763f037aa8dd51ad548  openssl-solibs-1.0.1f-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n2f18bac7c335eab1251decd15d8fce4c  openssl-1.0.1f-x86_64-1_slack14.1.txz\na61b7c01a06974b55a692c7359d16183  openssl-solibs-1.0.1f-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\nc07a84c4dc4dd27cc0c452fb650f2b5b  a/openssl-solibs-1.0.1f-i486-1.txz\n454153984c2d8bb76ff631416cc3550a  n/openssl-1.0.1f-i486-1.txz\n\nSlackware x86_64 -current packages:\n9bef5de5f7d04d5c4fdd5ad62801472e  a/openssl-solibs-1.0.1f-x86_64-1.txz\n6523e9d4befa8e1531ffd5a9377c897b  n/openssl-1.0.1f-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1f-i486-1_slack14.1.txz openssl-solibs-1.0.1f-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1e-5. \n\nWe recommend that you upgrade your openssl packages. \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 0a21492e02429e199dfc88e8d502de88  mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm\n 13eaad31a74bb167ce0d661eb25b5ca1  mbs1/x86_64/lib64openssl-devel-1.0.0k-1.1.mbs1.x86_64.rpm\n fca41114d79983a4d7600ba9a97cea3f  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.1.mbs1.x86_64.rpm\n acaf2f9638cf2bafeeb3a0aebc173e85  mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.1.mbs1.x86_64.rpm\n 8d7142a0c95315a29de750e2e29f2174  mbs1/x86_64/openssl-1.0.0k-1.1.mbs1.x86_64.rpm \n 35c5ec534b80c03ae237526e75c52c18  mbs1/SRPMS/openssl-1.0.0k-1.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      },
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "64618",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1031594",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1029549",
        "trust": 1.0
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "126457",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124734",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124794",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124640",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "id": "VAR-201401-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T22:18:17.213000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1f",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47334"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2079-1"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.0,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html"
      },
      {
        "trust": 1.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0015.html"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2014/dsa-2833"
      },
      {
        "trust": 1.0,
        "url": "http://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/64618"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1029549"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1031594"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.0,
        "url": "https://puppet.com/security/cve/cve-2013-6450"
      },
      {
        "trust": 1.0,
        "url": "https://security-tracker.debian.org/tracker/cve-2013-6450"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4353"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:03/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6449\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4353\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6450\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:03.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:03/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4353"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=openssl-announce\u0026m=138747119822324\u0026w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "64618"
      },
      {
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64618"
      },
      {
        "date": "2014-05-03T02:16:52",
        "db": "PACKETSTORM",
        "id": "126457"
      },
      {
        "date": "2014-05-13T18:24:00",
        "db": "PACKETSTORM",
        "id": "126605"
      },
      {
        "date": "2014-01-10T02:26:27",
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "date": "2014-01-15T18:02:22",
        "db": "PACKETSTORM",
        "id": "124794"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2014-01-14T22:22:00",
        "db": "PACKETSTORM",
        "id": "124782"
      },
      {
        "date": "2014-01-03T14:07:58",
        "db": "PACKETSTORM",
        "id": "124640"
      },
      {
        "date": "2014-01-18T03:07:40",
        "db": "PACKETSTORM",
        "id": "124824"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "date": "2014-01-01T16:05:15.017000",
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T19:46:00",
        "db": "BID",
        "id": "64618"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      },
      {
        "date": "2023-11-07T02:17:12.327000",
        "db": "NVD",
        "id": "CVE-2013-6450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-001"
      }
    ],
    "trust": 0.6
  }
}

var-200110-0207
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. (CVE-2006-4343)

Updated packages are patched to address these issues.

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490 Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05 Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  2. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0207",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar410v2"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar450s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar550s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar570s"
      },
      {
        "model": "centrecom",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "allied telesis",
        "version": "ar740"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10cu2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "fitelnet-f series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "mucho series",
        "scope": null,
        "trust": 0.8,
        "vendor": "furukawa electric",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-4343",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.85
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 3.9
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200110-0207",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-06-12T21:38:12.479000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "openssl (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102711",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "Oracle Critical Patch Update - January 2007",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
      },
      {
        "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      },
      {
        "title": "729618/NISCC/PARASITIC-KEYS",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-729618/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.3,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000595"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  }
}

var-202201-1080
Vulnerability from variot

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-02

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #741570, #809980, #832339, #835343, #842489, #856592 ID: 202210-02

Synopsis

Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.1.1q >= 1.1.1q

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"

References

[ 1 ] CVE-2020-1968 https://nvd.nist.gov/vuln/detail/CVE-2020-1968 [ 2 ] CVE-2021-3711 https://nvd.nist.gov/vuln/detail/CVE-2021-3711 [ 3 ] CVE-2021-3712 https://nvd.nist.gov/vuln/detail/CVE-2021-3712 [ 4 ] CVE-2021-4160 https://nvd.nist.gov/vuln/detail/CVE-2021-4160 [ 5 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 6 ] CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 [ 7 ] CVE-2022-1473 https://nvd.nist.gov/vuln/detail/CVE-2022-1473 [ 8 ] CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5103-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 15, 2022 https://www.debian.org/security/faq

Package : openssl CVE ID : CVE-2021-4160 CVE-2022-0778 Debian Bug : 989604

Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.

For the oldstable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u8.

For the stable distribution (bullseye), this problem has been fixed in version 1.1.1k-1+deb11u2.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIwxQtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R2qw//c0GbzcbXlLfibf7Nki5CMJUdWqx1si8O2uQ1vKxgC07rCAx1Lrw0TtIl Tq1vYRtSbvy8P4Qn3E6/lbSYTnM7JbkriZ1HS3Mw4VFlOBA8lWMif4KotrcMAoYE IOQlhhTCkKZM8cL4YKDwN7XSy5LSdt/sw5rIi1ZpgVTEXQeKIDPa5WK6YyIGNG6k h83TPYZp+8e3Fuoubb8RY5CUfFomdMHRazHcrCkjY+yvFTFdKbUza9RjUs44xu2Z ZUTfIddR8D8mWfKOyvAVMw0A7/zjFW1IX0vC0RhHwjrulLgJbqWvcYQgEJy/wOKd tWjVwGya7+Fxn6GFL0rHZP/OFq9mDwxyBDfDg/hD+TSnbxtyHIxUH4QoWdPPgJxP ahln2TNfsnQsCopdn9dJ/XOrkC35R7Jp11kmX8MCTP6k8ob4mdQIACcRND/jcPgT tOBoUBCrha98Qvdh6UAGegTxqOBaNhG52fpNjEegq/q7kxlugdOtbY1nZXvuHHI5 C9Gd6e4JqpRlMDuT7rC8qchXJM8VnhWdVdz95gkeQCA21+AGJ+CEvTpSRPY6qCrM rUvS3HVrBFNLWNlsA68or3y8CfxjFbpXnSxflCmoBtmAp6z9TXm59Fu7N6Qqkpom yV0hQAqqeFa9u3NZKoNrj/FGWYXZ+zMt+jifRLokuB0IhFUOJ70= =SB84 -----END PGP SIGNATURE----- . If that applies then:

OpenSSL 1.0.2 users should apply git commit 6fc1aaaf3 (premium support customers only) OpenSSL 1.1.1 users should upgrade to 1.1.1m OpenSSL 3.0.0 users should upgrade to 3.0.1

This issue was found on the 10th of December 2021 and subsequently fixed by Bernd Edlinger.

Note

OpenSSL 1.0.2 is out of support and no longer receiving public updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20220128.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1080",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "health sciences inform publisher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.2.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.3"
      },
      {
        "model": "health sciences inform publisher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.3.1.1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zb"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:alpha9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2zb",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1m",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported these vulnerabilities to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-4160",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-4160",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-4160",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-2650",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-4160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202210-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple Vulnerabilities\n     Date: October 16, 2022\n     Bugs: #741570, #809980, #832339, #835343, #842489, #856592\n       ID: 202210-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in OpenSSL, the worst of\nwhich could result in denial of service. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           \u003c 1.1.1q                    \u003e= 1.1.1q\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.1.1q\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-1968\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1968\n[ 2 ] CVE-2021-3711\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3711\n[ 3 ] CVE-2021-3712\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3712\n[ 4 ] CVE-2021-4160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4160\n[ 5 ] CVE-2022-0778\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 6 ] CVE-2022-1292\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1292\n[ 7 ] CVE-2022-1473\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1473\n[ 8 ] CVE-2022-2097\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2097\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5103-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nMarch 15, 2022                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : openssl\nCVE ID         : CVE-2021-4160 CVE-2022-0778\nDebian Bug     : 989604\n\nTavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL\ncould be tricked into an infinite loop. This could result in denial of\nservice via malformed certificates. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1.1.1d-0+deb10u8. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.1.1k-1+deb11u2. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIwxQtfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R2qw//c0GbzcbXlLfibf7Nki5CMJUdWqx1si8O2uQ1vKxgC07rCAx1Lrw0TtIl\nTq1vYRtSbvy8P4Qn3E6/lbSYTnM7JbkriZ1HS3Mw4VFlOBA8lWMif4KotrcMAoYE\nIOQlhhTCkKZM8cL4YKDwN7XSy5LSdt/sw5rIi1ZpgVTEXQeKIDPa5WK6YyIGNG6k\nh83TPYZp+8e3Fuoubb8RY5CUfFomdMHRazHcrCkjY+yvFTFdKbUza9RjUs44xu2Z\nZUTfIddR8D8mWfKOyvAVMw0A7/zjFW1IX0vC0RhHwjrulLgJbqWvcYQgEJy/wOKd\ntWjVwGya7+Fxn6GFL0rHZP/OFq9mDwxyBDfDg/hD+TSnbxtyHIxUH4QoWdPPgJxP\nahln2TNfsnQsCopdn9dJ/XOrkC35R7Jp11kmX8MCTP6k8ob4mdQIACcRND/jcPgT\ntOBoUBCrha98Qvdh6UAGegTxqOBaNhG52fpNjEegq/q7kxlugdOtbY1nZXvuHHI5\nC9Gd6e4JqpRlMDuT7rC8qchXJM8VnhWdVdz95gkeQCA21+AGJ+CEvTpSRPY6qCrM\nrUvS3HVrBFNLWNlsA68or3y8CfxjFbpXnSxflCmoBtmAp6z9TXm59Fu7N6Qqkpom\nyV0hQAqqeFa9u3NZKoNrj/FGWYXZ+zMt+jifRLokuB0IhFUOJ70=\n=SB84\n-----END PGP SIGNATURE-----\n. If that applies then:\n\nOpenSSL 1.0.2 users should apply git commit 6fc1aaaf3 (premium support\ncustomers only)\nOpenSSL 1.1.1 users should upgrade to 1.1.1m\nOpenSSL 3.0.0 users should upgrade to 3.0.1\n\nThis issue was found on the 10th of December 2021 and subsequently fixed\nby Bernd Edlinger. \n\nNote\n====\n\nOpenSSL 1.0.2 is out of support and no longer receiving public updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20220128.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "169298"
      },
      {
        "db": "PACKETSTORM",
        "id": "169638"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-4160",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-637483",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-258-05",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168714",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062021",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012811",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060710",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031611",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042517",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051735",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2512",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2191",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4616",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2417",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-4160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169638",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "169298"
      },
      {
        "db": "PACKETSTORM",
        "id": "169638"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "id": "VAR-202201-1080",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.20766129
  },
  "last_update_date": "2023-12-18T11:16:08.642000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=180884"
      },
      {
        "title": "Debian Security Advisories: DSA-5103-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4ecbdda56426ff105b6a2939daf5c4e7"
      },
      {
        "title": "Red Hat: CVE-2021-4160",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-4160"
      },
      {
        "title": "IBM: Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9d831a6a306a903e583b6a76777d1085"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=316fcbda8419e3988baf55ecd43960a6"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbece86f0c3bef5a678f2bb3dbbb854b"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/actions-marketplace-validations/neuvector_scan-action "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/neuvector/scan-action "
      },
      {
        "title": "nodejs-helloworld",
        "trust": 0.1,
        "url": "https://github.com/andrewd-sysdig/nodejs-helloworld "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20220128.txt"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2022/dsa-5103"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202210-02"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4160"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051735"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2417"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-4160"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060710"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-weak-encryption-via-mips-bn-mod-exp-37400"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2191"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012811"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042517"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031611"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062021"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168714/gentoo-linux-security-advisory-202210-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2512"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/actions-marketplace-validations/neuvector_scan-action"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20220315.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/support/contracts.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "169298"
      },
      {
        "db": "PACKETSTORM",
        "id": "169638"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "169298"
      },
      {
        "db": "PACKETSTORM",
        "id": "169638"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "date": "2022-10-17T13:44:06",
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "date": "2022-03-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169298"
      },
      {
        "date": "2022-01-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169638"
      },
      {
        "date": "2022-01-28T22:15:15.133000",
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "date": "2022-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-4160"
      },
      {
        "date": "2023-11-07T03:40:17.080000",
        "db": "NVD",
        "id": "CVE-2021-4160"
      },
      {
        "date": "2022-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Input validation error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-2650"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0811
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/

Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

Update:

There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0811",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-0811",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-09T20:28:15.610000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:47:19",
        "db": "PACKETSTORM",
        "id": "50543"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}

var-201405-0244
Vulnerability from variot

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.

The oldstable distribution (squeeze) is not affected.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u9.

For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-4.

For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-4.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://advisories.mageia.org/MGASA-2014-0204.html

Updated Packages:

Mandriva Business Server 1/X86_64: 0960978623ce1a63b660860f11a273cd mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm a1f2e8359b1823df2bbf4cef25ed0fa5 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.3.mbs1.x86_64.rpm 9caf8ee1e9151cd22cc8bbbcec6ddc64 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm e7e8655dcdfcf3499b5d3280a7023beb mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.3.mbs1.x86_64.rpm 34ef39c4e07e20ed081ff466b744e6b1 mbs1/x86_64/openssl-1.0.0k-1.3.mbs1.x86_64.rpm 4c4315e35972686c692a095851d42cd4 mbs1/SRPMS/openssl-1.0.0k-1.3.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.

HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.

Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749

HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.

Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793

Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.

HP Insight Control server deployment users with v7.2.2:

Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.

HP Insight Control server deployment users with v7.3.1:

Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . These vulnerabilities include:

  • The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.

  • HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5

  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2010-5298
  4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
  4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVE-2014-0076
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVE-2014-0195
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-0198
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0221
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0224
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-3470
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-3566
  3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0705
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.

LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00

Notes:

These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary

VMware product updates address OpenSSL security vulnerabilities.

  1. Relevant Releases

ESXi 5.5 prior to ESXi550-201406401-SG

  1. OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)

    has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.

    CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.

    CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below). can be mitigated by using a secure network such as VPN (see Table 2 below).

    Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.

    RECOMMENDATIONS

    VMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. VMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.

    Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.

    VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= ESXi 5.5 ESXi ESXi550- 201406401-SG

    Big Data Extensions 1.1 patch pending Charge Back Manager 2.6 patch pending

    Horizon Workspace Server GATEWAY 1.8.1 patch pending Horizon Workspace Server GATEWAY 1.5 patch pending

    Horizon Workspace Server DATA 1.8.1 patch pending

    Horizon Mirage Edge Gateway 4.4.2 patch pending Horizon View 5.3.1 patch pending

    Horizon View Feature Pack 5.3 SP2 patch pending

    NSX for Multi-Hypervisor 4.1.2 patch pending NSX for Multi-Hypervisor 4.0.3 patch pending NSX for vSphere 6.0.4 patch pending NVP 3.2.2 patch pending vCAC 6.0.1 patch pending

    vCloud Networking and Security 5.5.2 patch pending vCloud Networking and Security 5.1.2 patch pending

    vFabric Web Server 5.3.4 patch pending

    vCHS - DPS-Data Protection 2.0 patch pending Service

    Table 2 ======== Affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network.

    VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCSA 5.5 patch pending vCSA 5.1 patch pending vCSA 5.0 patch pending

    ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending

    Workstation 10.0.2 any patch pending Workstation 9.0.3 any patch pending Fusion 6.x OSX patch pending Fusion 5.x OSX patch pending Player 10.0.2 any patch pending Player 9.0.3 any patch pending

    Chargeback Manager 2.5.x patch pending

    Horizon Workspace Client for 1.8.1 OSX patch pending Mac Horizon Workspace Client for 1.5 OSX patch pending Mac Horizon Workspace Client for 1.8.1 Windows patch pending Windows
    Horizon Workspace Client for 1.5 Windows patch pending

    OVF Tool 3.5.1 patch pending OVF Tool 3.0.1 patch pending

    vCenter Operations Manager 5.8.1 patch pending

    vCenter Support Assistant 5.5.0 patch pending vCenter Support Assistant 5.5.1 patch pending

    vCD 5.1.2 patch pending
    vCD 5.1.3 patch pending vCD 5.5.1.1 patch pending vCenter Site Recovery Manager 5.0.3.1 patch pending

    Table 3 ======= The following table lists all affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network.

    VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCenter Server 5.5 any patch pending vCenter Server 5.1 any patch pending vCenter Server 5.0 any patch pending

    Update Manager 5.5 Windows patch pending Update Manager 5.1 Windows patch pending Update Manager 5.0 Windows patch pending

    Config Manager (VCM) 5.6 patch pending

    Horizon View Client 5.3.1 patch pending Horizon View Client 4.x patch pending Horizon Workspace 1.8.1 patch pending Horizon Workspace 1.5 patch pending

    ITBM Standard 1.0.1 patch pending ITBM Standard 1.0 patch pending

    Studio 2.6.0.0 patch pending

    Usage Meter 3.3 patch pending vCenter Chargeback Manager 2.6 patch pending vCenter Converter Standalone 5.5 patch pending vCenter Converter Standalone 5.1 patch pending vCD (VCHS) 5.6.2 patch pending

    vCenter Site Recovery Manager 5.5.1 patch pending vCenter Site Recovery Manager 5.1.1 patch pending

    vFabric Application Director 5.2.0 patch pending vFabric Application Director 5.0.0 patch pending View Client 5.3.1 patch pending View Client 4.x patch pending VIX API 5.5 patch pending VIX API 1.12 patch pending

    vMA (Management Assistant) 5.1.0.1 patch pending

    VMware Data Recovery 2.0.3 patch pending

    VMware vSphere CLI 5.5 patch pending

    vSphere Replication 5.5.1 patch pending vSphere Replication 5.6 patch pending vSphere SDK for Perl 5.5 patch pending vSphere Storage Appliance 5.5.1 patch pending vSphere Storage Appliance 5.1.3 patch pending vSphere Support Assistant 5.5.1 patch pending vSphere Support Assistant 5.5.0 patch pending vSphere Virtual Disk 5.5 patch pending Development Kit
    vSphere Virtual Disk 5.1 patch pending Development Kit vSphere Virtual Disk 5.0 patch pending Development Kit

  2. Solution

ESXi 5.5

Download: https://www.vmware.com/patchmgr/download.portal

Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

https://www.openssl.org/news/secadv_20140605.txt

  1. Change Log

2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10

  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622 Version: 2

HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-06-20 Last Updated: 2014-11-20

Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.

References:

CVE-2010-5298 (SSRT101561) Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 (SSRT101561) Remote Unauthorized Access CVE-2014-0224 (SSRT101593) Remote Unauthorized Access or Disclosure of Information

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

NOTE:

All products listed are impacted by CVE-2014-0224. This is the vulnerability known as "Heartbleed". HP Intelligent Management Center (iMC) is also impacted by CVE-2014-0198 and CVE-2010-5298.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.

Workarounds

HP Networking equipment is typically deployed inside firewalls and access

to management interfaces and other protocols is more tightly controlled than in public environments. 

Following the guidelines in the Hardening Comware-based devices can help

to further reduce man-in-the-middle opportunities:

  http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=

c03536920

For an HP Networking device acting as an OpenSSL Server, using a patched

OpenSSL client or non-OpenSSL client eliminates the risk.

Protocol Notes

The following details the protocols that use OpenSSL in Comware v5 and

Comware v7:

- Comware V7:

    Server:

      FIPS/HTTPS/Load Balancing/Session Initiation Protocol

    Client:

      Load Balancing/OpenFlow/Session Initiation Protocol/State Machine

Based Anti-Spoofing/Dynamic DNS

- Comware V5:

  Server:

    CAPWAP/EAP/SSLVPN

  Client:

    Dynamic DNS

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted

12900 Switch Series 12900_7.10.R1109 12900_7.10.R1005P07 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

12500.0 12500_5.20.R1828P04 12500_5.20.R1828P04-US JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

12500 (Comware v7) 12500_7.10.R7328P03 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

11900 Switch Series 11900_7.10.R2111P04 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

10500 Switch Series (Comware v5) 10500_5.20.R1208P09 10500_5.20.R1208P09-US JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

10500 Switch Series (Comware v7) 10500_7.10.R2111P04 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

9500E S9500E_5.20.R1828P04 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

7900.0 7900_7.10.R2118 JG682A HP FlexFabric 7904 Switch Chassis

7500 Switch Series 7500_5.20.R6708P09 7500_5.20.R6708P09-US JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

HSR6800 HSR6800_5.20.R3303P10 HSR6800_5.20.R3303P10-US JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6800 Russian Version HSR6800_5.20.R3303P10.RU JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6602 HSR6602_5.20.R3303P10 HSR6602_5.20.R3303P10-US JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

HSR6602 Russian Version HSR6602_5.20.R3303P10.RU JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

6602.0 6602_5.20.R3303P10 6602_5.20.R3303P10-US JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

6602 Russian Version 6602_5.20.R3303P10.RU JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

A6600 6600.RPE_5.20.R3303P10 6600.RSE_5.20.R3303P10 6600.RPE_5.20.R3303P10-US 6600.RSE_5.20.R3303P10-US JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

A6600 Russian Version 6600.RPE_5.20.R3303P10.RU 6600.RSE_5.20.R3303P10.RU JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP HSR6602_5.20.R3303P10 HSR6602_5.20.R3303P10-US JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Russian Version HSR6602_5.20.R3303P10.RU JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

5920 Switch Series 5900AF-5920AF_7.10.R2311P01 5900AF-5920AF_7.10.R2311P01-US JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

5900 Switch Series 5900AF-5920AF_7.10.R2311P01 5900AF-5920AF_7.10.R2311P01-US JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

5830 Switch Series 5830_5.20.R1118P09 5830_5.20.R1118P09-US JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

5820 Switch Series 5800-5820X_5.20.R1808P25 5800-5820X_5.20.R1808P27-US JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

5800 Switch Series 5800-5820X_5.20.R1808P25 5800-5820X_5.20.R1808P27-US JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

5500 HI Switch Series 5500.HI_5.20.R5501P02 5500.HI_5.20.R5501P02-US JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

5500 EI Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

5500 SI Switch Series 5500.SI_5.20.R2221P04 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

5120 EI Switch Series 5120.EI-4210G-4510G_5.20.R2221P04 5120.EI-4210G-4510G_5.20.R2221P04-US JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

5120 SI switch Series 5120.SI_5.20.R1513P86 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

4800 G Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)

4510G Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)

4210G Switch Series 5120.EI-4210G-4510G_5.20.R2221P04 5120.EI-4210G-4510G_5.20.R2221P04-US JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)

3610 Switch Series S3610-5510_5.20.R5319P08 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

3600 V2 Switch Series 3600V2_5.20.R2109P05 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

3100V2 3100V2_5.20.R5203P07 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

3100V2-48 3100V2.48_5.20.R2109P05 JG315A HP 3100-48 v2 Switch

1920.0 1920-48G-JG927A_5.20.R1104 1920-8G-PoE-65W-JG921A_5.20.R1104 1920-8G-JG920A_5.20.R1104 1920-24G-PoE-370W-JG926A_5.20.R1104 1920-24G-PoE-180W-JG925A_5.20.R1104 1920-24G-JG924A_5.20.R1104 1920-16G-JG923A_5.20.R1104 1920-8G-PoE-180W-JG922A_5.20.R1104 JG927A HP 1920-48G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG920A HP 1920-8G Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG924A HP 1920-24G Switch JG923A HP 1920-16G Switch JG922A HP 1920-8G-PoE+ (180W) Switch

1910.0 1910-8-POE-JG537_5.20.R1106 1910-48-JG540_5.20.R1106 1910-24-JG538_5.20.R1106 1910-24-POE-JG539_5.20.R1106 1910-8-JG536_5.20.R1106 JG537A HP 1910-8 -PoE+ Switch JG540A HP 1910-48 Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG536A HP 1910-8 Switch

1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch

1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch

MSR20 MSR20.SI_5.20.R2513P02 JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)

MSR20-1X MSR201X_5.20.R2513P02 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

MSR30 MSR30.SI_5.20.R2513P02 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

MSR30-16 MSR3016.SI_5.20.R2513P02 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

MSR30-1X MSR301X.SI_5.20.R2513P09 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

MSR50 MSR50.SI_5.20.R2513P02 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

MSR50-G2 MSR50.EPUSI_5.20.R2513P02 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

MSR20 Russian version MSR20.SI_5.20.R2513L03.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

MSR20-1X Russian version MSR201X_5.20.R2513L03.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

MSR30 Russian version MSR30.SI_5.20.R2513L03.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

MSR30-16 Russian version MSR3016.SI_5.20.R2513L03.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

MSR30-1X Russian version MSR301X.SI_5.20.R2513L03.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

MSR50 Russian version MSR50.SI_5.20.R2513L03.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

MSR50 G2 Russian version MSR50.EPUSI_5.20.R2513L03.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

MSR9XX MSR9XX_5.20.R2513P02 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

MSR93X MSR93X_5.20.R2513P02 JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR1000 MSR1000_5.20.R2513P02 JG732A HP MSR1003-8 AC Router

MSR1000 Russian version MSR1000_5.20.R2513L03-RU JG732A HP MSR1003-8 AC Router

MSR2000 MSR2000_7.10.R0106P02 JG411A HP MSR2003 AC Router

MSR3000 MSR3000_7.10.R0106P02 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

MSR4000 MSR4000_7.10.R0106P02 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

F5000 SECPATH5000FA_5.20.F3210P20 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

F5000 C F5000C_5.20.R3811 JG650A HP F5000-C VPN Firewall Appliance

F5000 S F5000S_5.20.R3811 JG370A HP F5000-S VPN Firewall Appliance

U200S and CS U200S_U200CS_5.20.F5123P27 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

U200A and M U200A_U200M_5.20.F5123P27 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

F1000A and S AF1000S.EI_3.40.R3734 JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance

SecBlade III SECBLADEIII.FW_5.20.R3820 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod

SecBlade FW SECBLADE2-FW_5.20.R3181 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

F1000E SECPATH1000FE_5.20.R3181 JD272A HP S1000-E VPN Firewall Appliance

VSR1000 VSR1000_7.10.R0203 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router

WX5002/5004 WX5002-WX5004_5.20.R2507P26 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

HP 850/870 850-870_5.20.R2607P26 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc

HP 830 830_5.20.R3507P26 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

HP 6000 6000_5.20.R2507P27 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point

NGFW The Software Downloads and software release notes for your NGFW Appliance(s) can be acquired with a valid support contract by accessing the Threat Management Center (TMC). In your web browser open https://tmc.tippingpoint.com. JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic

iMC UAM 7.x 5.x iMC UAM 7.0 (E0203P04) JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

iMC EAD 7.x 5.x iMC EAD v7.1 (E0301) JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License

HISTORY Version:1 (rev.1) - 20 June 2014 Initial release Version:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900 virtual switch, and Router 8800 products. Further analysis revealed that those products as not vulnerable. Added additional products.

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlRuJqYACgkQ4B86/C0qfVkBZwCg+M/bssV0KI2Nfe2delq1N6KO 2ZUAoKT/5gXpIsdJb4Jyh8GVclzk70rZ =9QSF -----END PGP SIGNATURE----- . OpenSSL Security Advisory [05 Jun 2014] ========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

Anonymous ECDH denial of service (CVE-2014-3470)

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

References

URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional details over time.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:

Red Hat Storage Server 2.1 - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

  1. Package List:

Red Hat Storage Server 2.1:

Source: openssl-1.0.1e-16.el6_5.14.src.rpm

x86_64: openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0244",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "linux enterprise workstation extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.106"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "junos os 13.1r4-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.2"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.2"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 7.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "junos os 11.4r12-s4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "junos 11.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "uacos c4.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msr3000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.3"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "m220 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4800g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "secure analytics 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "secure analytics 2014.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "f1000a and s family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "u200a and m family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "junos 11.4r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "hsr6602 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.5"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ive os 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msr93x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wx5002/5004 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 11.4r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vsr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.3r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.9"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "msr20 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r10-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "junos 5.0r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "hsr6800 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.1"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "msr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 10.4r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ssl vpn 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "msr1000 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v7)0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "ive os 7.4r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr30 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "strm 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "junos pulse 5.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "junos 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "sbr global enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jsa 2014.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.2"
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900.00"
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "f1000e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.0"
      },
      {
        "model": "secure analytics 2014.2r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.6"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.5.0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "strm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.4"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr50 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "u200s and cs family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security threat response manager 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos os 12.3r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "simatic s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "strm/jsa 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ngfw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "junos 10.4r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.203"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr50-g2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ive os 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "junos 5.0r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "junos os 14.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "junos os 13.2r5-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uacos c5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.7"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "uacos c5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "ssl vpn 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 10.4s",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 11.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9500e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "f5000 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "f5000 s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security threat response manager 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4"
      },
      {
        "model": "junos 10.4s15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 7.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.7"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "msr9xx family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "msr2000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "msr30-16 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "imc ead",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "10.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr4000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.6"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "a6600 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "f5000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.62"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "pk family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "junos os 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 11.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secblade fw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "junos 10.4r15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uacos c4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos pulse 4.0r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "junos 14.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "p2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "junos 10.0s25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos 10.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.1"
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "msr20-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.107"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "msr30-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1g",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-0198",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0198",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0198",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-057",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0198",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting  in denial-of-service conditions. \n\nThe oldstable distribution (squeeze) is not affected. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u9. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-4. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-4. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://advisories.mageia.org/MGASA-2014-0204.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 0960978623ce1a63b660860f11a273cd  mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm\n a1f2e8359b1823df2bbf4cef25ed0fa5  mbs1/x86_64/lib64openssl-devel-1.0.0k-1.3.mbs1.x86_64.rpm\n 9caf8ee1e9151cd22cc8bbbcec6ddc64  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm\n e7e8655dcdfcf3499b5d3280a7023beb  mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.3.mbs1.x86_64.rpm\n 34ef39c4e07e20ed081ff466b744e6b1  mbs1/x86_64/openssl-1.0.0k-1.3.mbs1.x86_64.rpm \n 4c4315e35972686c692a095851d42cd4  mbs1/SRPMS/openssl-1.0.0k-1.3.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: July 27, 2014\n     Bugs: #512506\n       ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n  - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2010-5298\n      4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n      4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n    CVE-2014-0076\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2014-0195\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0198\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0221\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0224\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-3470\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-3566\n      3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0705\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary\n\n   VMware product updates address OpenSSL security vulnerabilities. \n\n2. Relevant Releases\n\n   ESXi 5.5 prior to ESXi550-201406401-SG\n\n\n3. \n\n      OpenSSL libraries have been updated in multiple products to\n      versions 0.9.8za and 1.0.1h in order to resolve multiple security\n      issues. \n \n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n      has assigned the names CVE-2014-0224, CVE-2014-0198, \n      CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n      these issues. The most important of these issues is \n      CVE-2014-0224. \n\n      CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n      be of moderate severity. Exploitation is highly unlikely or is\n      mitigated due to the application configuration. \n\n      CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n      Security Advisory (see Reference section below), do not affect\n      any VMware products. For readability\n      the affected products have been split into 3 tables below, \n      based on the different client-server configurations and\n      deployment scenarios. Applying these patches to \n      affected servers will mitigate the affected clients (See Table 1\n      below). can be mitigated by using a secure network such as \n      VPN (see Table 2 below). \n      \n      Clients and servers that are deployed on an isolated network are\n      less exposed to CVE-2014-0224 (see Table 3 below). The affected\n      products are typically deployed to communicate over the\n      management network. \n\n      RECOMMENDATIONS\n\n      VMware recommends customers evaluate and deploy patches for\n      affected Servers in Table 1 below as these patches become\n      available. Patching these servers will remove the ability to\n      exploit the vulnerability described in CVE-2014-0224 on both\n      clients and servers. VMware recommends customers consider \n      applying patches to products listed in Table 2 \u0026 3 as required. \n\n      Column 4 of the following tables lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      ESXi                            5.5       ESXi     ESXi550-\n                                                         201406401-SG \n\n      Big Data Extensions             1.1                patch pending \n      Charge Back Manager             2.6                patch pending \n\n      Horizon Workspace Server \n      GATEWAY                         1.8.1              patch pending \n      Horizon Workspace Server \n      GATEWAY                         1.5                patch pending \n\n      Horizon Workspace Server \n      DATA                            1.8.1              patch pending \n\n      Horizon Mirage Edge Gateway     4.4.2              patch pending \n      Horizon View                    5.3.1              patch pending \n\n      Horizon View Feature Pack       5.3 SP2            patch pending \n\n      NSX for Multi-Hypervisor        4.1.2              patch pending \n      NSX for Multi-Hypervisor        4.0.3              patch pending \n      NSX for vSphere                 6.0.4              patch pending \n      NVP                             3.2.2              patch pending \n      vCAC                            6.0.1              patch pending \n\n      vCloud Networking and Security  5.5.2 \t\t patch pending \n      vCloud Networking and Security  5.1.2 \t\t patch pending \n\n      vFabric Web Server              5.3.4              patch pending \n\n      vCHS - DPS-Data Protection      2.0                patch pending \n      Service\n\n      Table 2\n      ========\n      Affected clients running a vulnerable version of OpenSSL 0.9.8 \n      or 1.0.1 and communicating over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCSA                            5.5                patch pending \n      vCSA                            5.1                patch pending \n      vCSA                            5.0                patch pending \n\n\n      ESXi                            5.1       ESXi     patch pending \n      ESXi                            5.0       ESXi     patch pending  \n\n      Workstation                     10.0.2    any      patch pending \n      Workstation                     9.0.3     any      patch pending \n      Fusion                          6.x       OSX      patch pending \n      Fusion                          5.x       OSX      patch pending \n      Player                          10.0.2    any      patch pending \n      Player                          9.0.3     any      patch pending \n\n      Chargeback Manager              2.5.x              patch pending \n\n      Horizon Workspace Client for    1.8.1    OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.5      OSX       patch pending \n      Mac\n      Horizon Workspace Client for    1.8.1    Windows   patch pending \n      Windows       \n      Horizon Workspace Client for    1.5      Windows   patch pending \n\n      OVF Tool                        3.5.1              patch pending \n      OVF Tool                        3.0.1              patch pending \n\n      vCenter Operations Manager      5.8.1              patch pending \n\n      vCenter Support Assistant       5.5.0              patch pending \n      vCenter Support Assistant       5.5.1              patch pending \n      \n      vCD                             5.1.2              patch pending    \n      vCD                             5.1.3              patch pending \n      vCD                             5.5.1.1            patch pending \n      vCenter Site Recovery Manager   5.0.3.1            patch pending \n\n      Table 3\n      =======\n      The following table lists all affected clients running a\n      vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n      over an untrusted network. \n\n      VMware                          Product  Running   Replace with/\n      Product                         Version  on        Apply Patch \n      ==============                  =======  =======   =============\n      vCenter Server                  5.5       any      patch pending\n      vCenter Server                  5.1       any      patch pending\n      vCenter Server                  5.0       any      patch pending\n\n      Update Manager                  5.5       Windows  patch pending\n      Update Manager                  5.1       Windows  patch pending\n      Update Manager                  5.0       Windows  patch pending \n\n      Config Manager (VCM)            5.6                patch pending \n\n      Horizon View Client             5.3.1              patch pending \n      Horizon View Client             4.x                patch pending\n      Horizon Workspace               1.8.1              patch pending \n      Horizon Workspace               1.5                patch pending     \n \n   \n      ITBM Standard                   1.0.1              patch pending \n      ITBM Standard                   1.0                patch pending \n   \n      Studio                          2.6.0.0            patch pending \n    \n      Usage Meter                     3.3                patch pending \n      vCenter Chargeback Manager      2.6                patch pending \n      vCenter Converter Standalone    5.5                patch pending \n      vCenter Converter Standalone    5.1                patch pending \n      vCD (VCHS)                      5.6.2              patch pending \n      \n      vCenter Site Recovery Manager   5.5.1              patch pending \n      vCenter Site Recovery Manager   5.1.1              patch pending\n\n      vFabric Application Director    5.2.0              patch pending \n      vFabric Application Director    5.0.0              patch pending \n      View Client                     5.3.1              patch pending \n      View Client                     4.x                patch pending\n      VIX API                         5.5                patch pending \n      VIX API                         1.12               patch pending \n      \n      vMA (Management Assistant)      5.1.0.1            patch pending     \n  \n\n      VMware Data Recovery            2.0.3              patch pending \n     \n      VMware vSphere CLI              5.5                patch pending \n     \n      vSphere Replication             5.5.1              patch pending \n      vSphere Replication             5.6                patch pending \n      vSphere SDK for Perl            5.5                patch pending \n      vSphere Storage Appliance       5.5.1              patch pending \n      vSphere Storage Appliance       5.1.3              patch pending \n      vSphere Support Assistant       5.5.1              patch pending \n      vSphere Support Assistant       5.5.0              patch pending\n      vSphere Virtual Disk            5.5                patch pending \n      Development Kit                  \n      vSphere Virtual Disk            5.1                patch pending \n      Development Kit\n      vSphere Virtual Disk            5.0                patch pending \n      Development Kit\n \n   4. Solution\n\n   ESXi 5.5\n   ----------------------------\n\n   Download:\n   https://www.vmware.com/patchmgr/download.portal\n\n   Release Notes and Remediation Instructions:\n   http://kb.vmware.com/kb/2077359\n\n   5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n   \n   https://www.openssl.org/news/secadv_20140605.txt\n\n- -----------------------------------------------------------------------\n\n6. Change Log\n\n   2014-06-10 VMSA-2014-0006\n   Initial security advisory in conjunction with the release of\n   ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 2\n\nHPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-11-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Network\nProducts running OpenSSL. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\n  CVE-2010-5298 (SSRT101561) Remote Denial of Service (DoS) or Modification\nof Information\n  CVE-2014-0198 (SSRT101561) Remote Unauthorized Access\n  CVE-2014-0224 (SSRT101593) Remote Unauthorized Access or Disclosure of\nInformation\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNOTE:\n\nAll products listed are impacted by CVE-2014-0224. This is the vulnerability\nknown as \"Heartbleed\". \nHP Intelligent Management Center (iMC) is also impacted by CVE-2014-0198 and\nCVE-2010-5298. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\n  Workarounds\n\n    HP Networking equipment is typically deployed inside firewalls and access\nto management interfaces and other protocols is more tightly controlled than\nin public environments. \n\n    Following the guidelines in the Hardening Comware-based devices can help\nto further reduce man-in-the-middle opportunities:\n\n      http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=\nc03536920\n\n    For an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. \n\n  Protocol Notes\n\n    The following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\n    - Comware V7:\n\n        Server:\n\n          FIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\n        Client:\n\n          Load Balancing/OpenFlow/Session Initiation Protocol/State Machine\nBased Anti-Spoofing/Dynamic DNS\n\n    - Comware V5:\n\n      Server:\n\n        CAPWAP/EAP/SSLVPN\n\n      Client:\n\n        Dynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n 12900_7.10.R1109\n12900_7.10.R1005P07\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500.0\n 12500_5.20.R1828P04\n12500_5.20.R1828P04-US\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n 12500_7.10.R7328P03\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n 11900_7.10.R2111P04\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n 10500_5.20.R1208P09 10500_5.20.R1208P09-US\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n 10500_7.10.R2111P04\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n S9500E_5.20.R1828P04\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n7900.0\n 7900_7.10.R2118\n JG682A HP FlexFabric 7904 Switch Chassis\n\n7500 Switch Series\n 7500_5.20.R6708P09\n7500_5.20.R6708P09-US\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n HSR6800_5.20.R3303P10\nHSR6800_5.20.R3303P10-US\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n HSR6800_5.20.R3303P10.RU\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n HSR6602_5.20.R3303P10\nHSR6602_5.20.R3303P10-US\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n HSR6602_5.20.R3303P10.RU\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n6602.0\n 6602_5.20.R3303P10\n6602_5.20.R3303P10-US\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n6602 Russian Version\n 6602_5.20.R3303P10.RU\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\nA6600\n 6600.RPE_5.20.R3303P10\n6600.RSE_5.20.R3303P10\n6600.RPE_5.20.R3303P10-US\n6600.RSE_5.20.R3303P10-US\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n 6600.RPE_5.20.R3303P10.RU\n6600.RSE_5.20.R3303P10.RU\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n HSR6602_5.20.R3303P10\nHSR6602_5.20.R3303P10-US\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n HSR6602_5.20.R3303P10.RU\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n 5900AF-5920AF_7.10.R2311P01\n5900AF-5920AF_7.10.R2311P01-US\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n 5900AF-5920AF_7.10.R2311P01\n5900AF-5920AF_7.10.R2311P01-US\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5830 Switch Series\n 5830_5.20.R1118P09\n5830_5.20.R1118P09-US\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n 5800-5820X_5.20.R1808P25\n5800-5820X_5.20.R1808P27-US\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n 5800-5820X_5.20.R1808P25\n5800-5820X_5.20.R1808P27-US\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n 5500.HI_5.20.R5501P02\n5500.HI_5.20.R5501P02-US\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n 5500.SI_5.20.R2221P04\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n 5120.EI-4210G-4510G_5.20.R2221P04\n5120.EI-4210G-4510G_5.20.R2221P04-US\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n 5120.SI_5.20.R1513P86\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n 5120.EI-4210G-4510G_5.20.R2221P04\n5120.EI-4210G-4510G_5.20.R2221P04-US\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n S3610-5510_5.20.R5319P08\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n 3600V2_5.20.R2109P05\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n 3100V2_5.20.R5203P07\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n 3100V2.48_5.20.R2109P05\n JG315A HP 3100-48 v2 Switch\n\n1920.0\n 1920-48G-JG927A_5.20.R1104\n1920-8G-PoE-65W-JG921A_5.20.R1104\n1920-8G-JG920A_5.20.R1104\n1920-24G-PoE-370W-JG926A_5.20.R1104\n1920-24G-PoE-180W-JG925A_5.20.R1104\n1920-24G-JG924A_5.20.R1104\n1920-16G-JG923A_5.20.R1104\n1920-8G-PoE-180W-JG922A_5.20.R1104\n JG927A HP 1920-48G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG920A HP 1920-8G Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG924A HP 1920-24G Switch\nJG923A HP 1920-16G Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\n\n1910.0\n 1910-8-POE-JG537_5.20.R1106\n1910-48-JG540_5.20.R1106\n1910-24-JG538_5.20.R1106\n1910-24-POE-JG539_5.20.R1106\n1910-8-JG536_5.20.R1106\n JG537A HP 1910-8 -PoE+ Switch\nJG540A HP 1910-48 Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG536A HP 1910-8 Switch\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n MSR20.SI_5.20.R2513P02\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n MSR201X_5.20.R2513P02\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n MSR30.SI_5.20.R2513P02\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n MSR3016.SI_5.20.R2513P02\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n MSR301X.SI_5.20.R2513P09\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n MSR50.SI_5.20.R2513P02\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n MSR50.EPUSI_5.20.R2513P02\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n MSR20.SI_5.20.R2513L03.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L03.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n MSR30.SI_5.20.R2513L03.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-16 Russian version\n MSR3016.SI_5.20.R2513L03.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR30-1X Russian version\n MSR301X.SI_5.20.R2513L03.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR50 Russian version\n MSR50.SI_5.20.R2513L03.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n MSR50.EPUSI_5.20.R2513L03.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n MSR9XX_5.20.R2513P02\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR93X\n MSR93X_5.20.R2513P02\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n MSR1000_5.20.R2513P02\n JG732A HP MSR1003-8 AC Router\n\nMSR1000 Russian version\n MSR1000_5.20.R2513L03-RU\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n MSR2000_7.10.R0106P02\n JG411A HP MSR2003 AC Router\n\nMSR3000\n MSR3000_7.10.R0106P02\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n MSR4000_7.10.R0106P02\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n SECPATH5000FA_5.20.F3210P20\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nF5000 C\n F5000C_5.20.R3811\n JG650A HP F5000-C VPN Firewall Appliance\n\nF5000 S\n F5000S_5.20.R3811\n JG370A HP F5000-S VPN Firewall Appliance\n\nU200S and CS\n U200S_U200CS_5.20.F5123P27\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n U200A_U200M_5.20.F5123P27\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n AF1000S.EI_3.40.R3734\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade III\n SECBLADEIII.FW_5.20.R3820\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\nSecBlade FW\n SECBLADE2-FW_5.20.R3181\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n SECPATH1000FE_5.20.R3181\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n VSR1000_7.10.R0203\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\nWX5002/5004\n WX5002-WX5004_5.20.R2507P26\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n 850-870_5.20.R2607P26\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n 830_5.20.R3507P26\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n 6000_5.20.R2507P27\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n The Software Downloads and software release notes for your NGFW Appliance(s)\ncan be acquired with a valid support contract by accessing the Threat\nManagement Center (TMC). In your web browser\nopen https://tmc.tippingpoint.com. \n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.x\n5.x\n iMC UAM 7.0 (E0203P04)\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.x\n5.x\n iMC EAD v7.1 (E0301)\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\nVersion:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900\nvirtual switch, and Router 8800 products. Further analysis revealed that\nthose products as not vulnerable. Added additional products. \n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlRuJqYACgkQ4B86/C0qfVkBZwCg+M/bssV0KI2Nfe2delq1N6KO\n2ZUAoKT/5gXpIsdJb4Jyh8GVclzk70rZ\n=9QSF\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. OpenSSL clients are vulnerable in all versions of OpenSSL. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue.  This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. This is potentially exploitable to\nrun arbitrary code on a vulnerable client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue.  This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team.  This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public.  \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue.  This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger.  This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      },
      {
        "db": "BID",
        "id": "67193"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "PACKETSTORM",
        "id": "126710"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "126532"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0198",
        "trust": 3.2
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "67193",
        "trust": 2.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60049",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60066",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58667",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59374",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59529",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59398",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59202",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59190",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59282",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59163",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59525",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-234763",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.4
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10643",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0198",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126532",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127807",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127630",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140720",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127326",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129218",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126961",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127265",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126930",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "BID",
        "id": "67193"
      },
      {
        "db": "PACKETSTORM",
        "id": "126710"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "126532"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "id": "VAR-201405-0244",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.416493127826087
  },
  "last_update_date": "2024-07-23T22:12:00.239000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ssl-s3_pkt.c",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49771"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/"
      },
      {
        "title": "Debian Security Advisories: DSA-2931-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=828d990b615b0dfea284a3530e6fe590"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2192-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b6140bb563b66b3bcd98992e854bf3"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
      },
      {
        "title": "Red Hat: CVE-2014-0198",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0198"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 2.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 2.0,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html"
      },
      {
        "trust": 2.0,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 2.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.8,
        "url": "http://advisories.mageia.org/mgasa-2014-0204.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837"
      },
      {
        "trust": 1.7,
        "url": "http://www.openbsd.org/errata55.html#005_openssl"
      },
      {
        "trust": 1.7,
        "url": "https://rt.openssl.org/ticket/display.html?user=guest\u0026pass=guest\u0026id=3321"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2014/dsa-2931"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.7,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60049"
      },
      {
        "trust": 1.7,
        "url": "http://puppetlabs.com/security/cve/cve-2014-0198"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60066"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/67193"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:080"
      },
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59529"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59525"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59398"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59374"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59282"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59202"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59190"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59163"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58667"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0198_buffer_errors"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://www.cerberusftp.com/products/releasenotes.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/may/67"
      },
      {
        "trust": 0.3,
        "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.5/common/005_openssl.patch.sig"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2931"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2192-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34106"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2077359"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/patchmgr/download.portal"
      },
      {
        "trust": 0.1,
        "url": "https://tmc.tippingpoint.com."
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid="
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/solutions/906703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/904433"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "BID",
        "id": "67193"
      },
      {
        "db": "PACKETSTORM",
        "id": "126710"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "126532"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "db": "BID",
        "id": "67193"
      },
      {
        "db": "PACKETSTORM",
        "id": "126710"
      },
      {
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "db": "PACKETSTORM",
        "id": "126532"
      },
      {
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "date": "2014-05-02T00:00:00",
        "db": "BID",
        "id": "67193"
      },
      {
        "date": "2014-05-19T17:01:19",
        "db": "PACKETSTORM",
        "id": "126710"
      },
      {
        "date": "2014-06-25T21:32:38",
        "db": "PACKETSTORM",
        "id": "127213"
      },
      {
        "date": "2014-05-08T17:00:26",
        "db": "PACKETSTORM",
        "id": "126532"
      },
      {
        "date": "2014-08-08T21:53:16",
        "db": "PACKETSTORM",
        "id": "127807"
      },
      {
        "date": "2014-07-28T20:36:25",
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "date": "2017-01-25T21:54:44",
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "date": "2014-07-02T21:43:37",
        "db": "PACKETSTORM",
        "id": "127326"
      },
      {
        "date": "2014-06-11T23:18:46",
        "db": "PACKETSTORM",
        "id": "127045"
      },
      {
        "date": "2014-11-21T18:56:39",
        "db": "PACKETSTORM",
        "id": "129218"
      },
      {
        "date": "2014-06-05T21:13:52",
        "db": "PACKETSTORM",
        "id": "126961"
      },
      {
        "date": "2014-06-27T18:43:23",
        "db": "PACKETSTORM",
        "id": "127265"
      },
      {
        "date": "2014-06-05T15:19:35",
        "db": "PACKETSTORM",
        "id": "126930"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "date": "2014-05-06T10:44:05.470000",
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0198"
      },
      {
        "date": "2017-05-23T16:24:00",
        "db": "BID",
        "id": "67193"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      },
      {
        "date": "2022-08-29T20:50:31.340000",
        "db": "NVD",
        "id": "CVE-2014-0198"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 do_ssl3_write \u2018Function buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-057"
      }
    ],
    "trust": 0.6
  }
}

var-201201-0030
Vulnerability from variot

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "server/[PROFILE]/deploy/" directory, along with all other customized configuration files. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

JBoss server instances configured to use the Tomcat Native library must be restarted for this update to take effect. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: rhev-hypervisor5 security and bug fix update Advisory ID: RHSA-2012:0168-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html Issue date: 2012-02-21 CVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0029 CVE-2012-0207 =====================================================================

  1. Summary:

An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

RHEV Hypervisor for RHEL-5 - noarch

  1. Description:

The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)

A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode.

  1. Package List:

RHEV Hypervisor for RHEL-5:

noarch: rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-4109.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://www.redhat.com/security/data/cve/CVE-2012-0029.html https://www.redhat.com/security/data/cve/CVE-2012-0207.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN bzF952CZ/r5T3LUF9kY6X8c= =IdNq -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.

CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.

For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1.

We recommend that you upgrade your openssl packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027 http://www.openssl.org/news/secadv_20120104.txt

Updated Packages:

Mandriva Linux 2011: 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm

Mandriva Linux 2011/X86_64: 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471)

  • Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations.

The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223)

  • Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla

Release Date: 2012-01-19 Last Updated: 2012-01-19

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com

HP-UX Release / Depot Name

B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot

B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08s or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 19 January 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0030",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.5"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8 to  v10.8.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.5"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8r",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0e",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2011-4576",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4576",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4576",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4576",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files). \n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rhev-hypervisor5 security and bug fix update\nAdvisory ID:       RHSA-2012:0168-01\nProduct:           Red Hat Enterprise Virtualization\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0168.html\nIssue date:        2012-02-21\nCVE Names:         CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 \n                   CVE-2012-0029 CVE-2012-0207 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor5 package that fixes several security issues and\nvarious bugs is now available. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. Description:\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. \nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. \n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. \n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with  nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. \n\n6. Package List:\n\nRHEV Hypervisor for RHEL-5:\n\nnoarch:\nrhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm\nrhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4109.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0029.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0207.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN\nbzF952CZ/r5T3LUF9kY6X8c=\n=IdNq\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n.  The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack. \n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check. \n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1. \n\nWe recommend that you upgrade your openssl packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027\n http://www.openssl.org/news/secadv_20120104.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 2291c13c44539a5e25f58750a5d6bf8f  2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n c610330d2c4c7397feb126247b1fa94f  2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 36c86a84320e1c8a17a74e4e68bc7d5a  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n 4b8054f2c169d2b3223195053bd15802  2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 3c48b209b941a83a6acfef439c3f78b7  2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm \n 7af9d175d066db069aeb82248df9772b  2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 21a50bd2be83839266f033c9a0f0fabc  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 7e80ee8e2d445c5f1985cd52d2316658  2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e1f4faa3162a6bbc14b37e4cb8d1e8e2  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 6e3ac6d57cf0f4e13ed8e275a9bd2ff8  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e9e0306f8dc9f398915a646547e262e2  2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm \n 7af9d175d066db069aeb82248df9772b  2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations. \n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. \n788225 - autoinstall fails when local_boot or upgrade not passed on command line\n788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla\n\n6. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3210    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4109    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       9.3\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4576",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "48528",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "55069",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91284469",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92046435",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019",
        "trust": 0.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4576",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116824",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108700",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113582",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109073",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "id": "VAR-201201-0030",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T21:16:40.308000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-06-04-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "title": "HT5784",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "title": "HT5784",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5784?viewlocale=ja_jp"
      },
      {
        "title": "DTLS Plaintext Recovery Attack",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "title": "CVE-2011-4576 Information Disclosure vulnerability in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_4576_information_disclosure"
      },
      {
        "title": "Multiple vulnerabilities in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl"
      },
      {
        "title": "TLSA-2014-1",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-1j.html"
      },
      {
        "title": "VMSA-2012-0013",
        "trust": 0.8,
        "url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2012-0013.html"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120086 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory"
      },
      {
        "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b"
      },
      {
        "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2012-038",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "VMware Security Advisories: VMware vSphere and vCOps updates to third party libraries",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ebfa7ecfec1f973ff975279d7fce2976"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 1.5,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 1.4,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48528"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2390"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/55069"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91284469/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92046435/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4576"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html"
      },
      {
        "trust": 0.4,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1357-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=5.1.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-e41b71e6cfbe471dbd029deaab"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1583"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0109.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html"
      },
      {
        "trust": 0.1,
        "url": "http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "date": "2012-09-25T00:15:05",
        "db": "PACKETSTORM",
        "id": "116824"
      },
      {
        "date": "2012-09-01T00:00:25",
        "db": "PACKETSTORM",
        "id": "116124"
      },
      {
        "date": "2012-09-25T00:15:41",
        "db": "PACKETSTORM",
        "id": "116826"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-02-21T15:34:06",
        "db": "PACKETSTORM",
        "id": "110012"
      },
      {
        "date": "2012-01-16T02:59:37",
        "db": "PACKETSTORM",
        "id": "108700"
      },
      {
        "date": "2012-06-12T22:49:22",
        "db": "PACKETSTORM",
        "id": "113582"
      },
      {
        "date": "2012-01-17T01:20:23",
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "date": "2012-02-15T22:44:29",
        "db": "PACKETSTORM",
        "id": "109788"
      },
      {
        "date": "2012-01-25T16:35:29",
        "db": "PACKETSTORM",
        "id": "109073"
      },
      {
        "date": "2012-01-06T01:55:00.877000",
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4576"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2014-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001019"
      },
      {
        "date": "2016-08-23T02:04:39.383000",
        "db": "NVD",
        "id": "CVE-2011-4576"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  }
}

var-200110-0343
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0343",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.68
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200110-0343",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-05-21T19:25:53.228000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.2,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20246"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1209
Vulnerability from variot

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980

  1. Summary:

Updated ESX Patches address several security issues.

  1. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

  1. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
  1. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Contact:

http://www.vmware.com/security

VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code. Additionally Dr.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

Vulnerability

Dr. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Acknowledgements

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II.

III.

IV. Workaround

No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

2) To patch your present system:

The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

cd /usr/src/secure/lib/libssl

make obj && make depend && make && make install

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch Revision Path

RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2

VII

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-26000"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "networks meridian option 61c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1050"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "networks meridian option 51c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "aironet acs350 c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3502.6"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "6000"
      },
      {
        "model": "networks cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.5"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "networks meridian option 81c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.4"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks self-service mps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "2700"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1740"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1010"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "stonegate ips sensor and analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "networks communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1000"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-45000"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "networks vpn router contivity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "-46000"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "17500"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "5000"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.6"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "networks ip address domain manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6.3"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "networks meridian option 11c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1-0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0.1"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1700"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "networks vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "1100"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "stonegate high availability firewall and vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.6"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "networks wlan access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "7250.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy taviso@gentoo.org Will Drewry wad@google.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-536",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. Additionally Dr. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      }
    ],
    "trust": 5.22
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22654",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22633",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30161",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4314",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29262",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59797",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "id": "VAR-200609-1209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.346980685
  },
  "last_update_date": "2024-05-24T22:28:34.807000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/547300"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22633"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22654"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30161"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29262"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20249"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4314"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.4,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481217"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20249"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2007-10-05T05:29:31",
        "db": "PACKETSTORM",
        "id": "59797"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2011-05-09T19:52:00",
        "db": "BID",
        "id": "20249"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      },
      {
        "date": "2018-10-17T21:29:08.090000",
        "db": "NVD",
        "id": "CVE-2006-3738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-536"
      }
    ],
    "trust": 0.6
  }
}

var-200911-0398
Vulnerability from variot

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.

SOLUTION: Apply updates (please see the vendor's advisory for details). =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9

Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14

Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5

Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5

Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend againt server inititiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)

It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094)

Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
  Size/MD5:   130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
  Size/MD5:     1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
  Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
  Size/MD5:  2125884 643115e9135b9bf626f3a65cfc5f2ed3

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:    95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:    37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   145624 4b613a57da2ca57678e8c8f0c1628556

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:    93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:    37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   133484 e70b7f81859cb92e0c50084e92216526

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:    37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   142730 d43356422176ca29440f3e0572678093

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:    94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:    37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   131466 340eaf2d2c1f129c7676a152776cfcf3

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
  Size/MD5:   141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
  Size/MD5:     1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
  Size/MD5:  6125771 39a755eb0f584c279336387b321e3dfc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:  1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:    72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:  6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:    45850 07a9463a8e4fdf1a48766d5ad08b9a3c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   803974 76d23bd94465a2f96711dc1c41b31af0

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   755574 9de96c8719740c2525e3c0cf7836d60b

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   749716 86ae389b81b057288ff3c0b69ef68656

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   906022 28c3e8b63d123a4ca0632b3fed6720b5

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   765398 92c5b054b80b6258a1c4caac8248a40a

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
  Size/MD5:   137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
  Size/MD5:     1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
  Size/MD5:  6396996 80d3754fc278338033296f0d41ef2c04

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:  2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:  6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:    45474 0f1b4fb499af61a596241bd4f0f4d35d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:    84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:    82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   820242 3497441009bc9db76a87fd2447ba433c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:    83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:    82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   778564 ffd7752394933004094c13b00113b263

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:    83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:    82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   766494 454c737e191429c43ad3f28c9e0294a0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:    84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:    82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   926240 8282583e86e84bd256959540f39a515d

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:    84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:    82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   783902 773a80d7a85a452016da3b10b1f3ae43

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
  Size/MD5:   141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
  Size/MD5:     1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
  Size/MD5:  6806786 03e0a99a5de0f3f568a0087fb9993af9

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:  2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:    46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:  6948222 a3505a83c13cf36c86248079127dd84d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:    87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:    86094 5a7c68fd37066287b4819cba4cfed1f2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:    87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:    85572 6a1b8a5e4cb19e815e88335757b06cf3

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:    87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:    85550 1d9b5963aa6ea5c01492ec417ab8510a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:    87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:    86154 52c1d8806d52fef6f43ab53662953953

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:    87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:    85686 5562ea5a0e6f01ba12adda3afb65c1b0

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
  Size/MD5:   185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
  Size/MD5:     1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
  Size/MD5:  6678149 17f017b571f88aa60abebfe2945d7caf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:  2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:   284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2366 46add3d428c97fa69a8848a3e4025bb0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:  1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:    92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:    90880 c6d163edf145da8ff6d102dc0dd1f8d7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:  1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:    91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:    90316 add7f446f6b524343c0066a486dd299a

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:  1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:    91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:    90312 9e68bd8111503135a4eae7265b0084ae

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:  1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:    92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:    90774 82011ebc757d31e690698cf9913e3adc

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:  1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:    92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:    90554 f207de0099ed259e2af736e8c82f91c2

. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue.

After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:323 http://www.mandriva.com/security/

Package : apache Date : December 7, 2009 Affected: 2008.0

Problem Description:

Multiple vulnerabilities has been found and corrected in apache:

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).

Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).

Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).

Packages for 2008.0 are being provided due to extended support for Corporate products.

This update provides a solution to these vulnerabilities.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Updated Packages:

Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- .

Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.

This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Aruba Networks Security Advisory

Title: TLS Protocol Session Renegotiation Security Vulnerability

Aruba Advisory ID: AID-020810 Revision: 1.0

For Public Release on 02/08/2010

+----------------------------------------------------

SUMMARY

This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2].

The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI.

ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.

AFFECTED ArubaOS VERSIONS

2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS

CHECK IF YOU ARE VULNERABLE

The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply.

Check if the following line appears in your configuration:

web-server mgmt-auth username/password certificate

If the exact line does not appear in the configuration, this issue does not apply.

DETAILS

An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS.

ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface.

Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs).

Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.

CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

WORKAROUNDS

Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk:

      • Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password
      • Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate

    Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role.

      • Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet.

SOLUTION

Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical.

The following patches have the fix (any newer patch will also have the fix):

        • 2.5.6.24
        • 3.3.2.23
        • 3.3.3.2
        • 3.4.0.7
        • 3.4.1.1
        • RN 3.1.4

Please contact Aruba support for obtaining patched FIPS releases.

Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release.

REFERENCES

[1] http://extendedsubset.com/?p=8

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

+----------------------------------------------------

OBTAINING FIXED FIRMWARE

Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support.

Aruba Support contacts are as follows:

1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)

+1-408-754-1200 (toll call from anywhere in the world)

e-mail: support(at)arubanetworks.com

Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.

EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at

Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt

SecurityFocus Bugtraq http://www.securityfocus.com/archive/1

STATUS OF THIS NOTICE: Final

Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt

Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

REVISION HISTORY

  Revision 1.0 / 02-08-2010 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php

For reporting NEW Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php

  (c) Copyright 2010 by Aruba Networks, Inc.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01963123 Version: 1

HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of

Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-12-21 Last Updated: 2009-12-21

Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The

vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

References: CVE-2009-3555

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following temporary software updates to resolve the vulnerability.

NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked

libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the

HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here

http://www.itrc.hp.com/service/cki/secBullArchive.do

To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do

The depots are available are available using ftp. Host / Account / Password

ftp.usa.hp.com / sb02498 / Secure12

HP-UX Release / Temporary Depot name / SHA-1 Sum

B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot / 3B6BE547403C28926482192408D5D5AB603A403D

B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot / 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7

B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot / 1D65F7D49883399F4D202E16754CF7DAE71E3B47

B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot / 943E21D4621B480B5E8E651ACB605B8F7EA47304

B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot / B8836FDB73434A3C26FB411E3F7CB3211129E5AC

MANUAL ACTIONS: Yes Install Apache v2.0.59.13 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security

Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a

specific HP-UX system. It can also download patches and create a depot automatically. For more information

see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

For Apache IPv4 and IPv6 HP-UX B.11.11 ============= hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.23

hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.31

hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 21 December 2009 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. The upgrades are available from the following location.

For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not disabled by default in this update.

For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1.

We recommend that you upgrade your pound packages. ----------------------------------------------------------------------

Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management

Free webinars

http://secunia.com/vulnerability_scanning/corporate/webinars/

TITLE: OpenOffice.org Data Manipulation and Code Execution Vulnerabilities

SECUNIA ADVISORY ID: SA40070

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

RELEASE DATE: 2010-06-08

DISCUSS ADVISORY: http://secunia.com/advisories/40070/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40070/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system.

1) An error in the TLS protocol while handling session re-negotiations in included libraries can be exploited to manipulate session data.

For more information see vulnerability #1 in: SA37291

2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code.

The vulnerabilities are reported in versions prior to 3.2.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. This could force the server to process an attacker's request as if authenticated using the victim's credentials.

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619).

The updated packages have been patched to correct these issues. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries.

The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.04"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.22"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "14"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.1.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.10"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "12"
      },
      {
        "model": "gnutls",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.8.5"
      },
      {
        "model": "http server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.14"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "11"
      },
      {
        "model": "nss",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.12.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "barracuda",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "hp virtual connect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hitachi web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8k",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.8.22",
                "versionStartIncluding": "0.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mandriva",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2009-3555",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-001632",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-41001",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-3555",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3555",
            "trust": 0.8,
            "value": "0"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-001632",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "VULHUB",
            "id": "VHN-41001",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). ===========================================================\nUbuntu Security Notice USN-860-1          November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  apache2-common                  2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n  apache2.2-common                2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n  apache2.2-common                2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n  apache2.2-common                2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n  apache2.2-common                2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. \nUsers can defend againt server inititiated TLS renegotiation attacks by\nadjusting their Apache configuration to use SSLVerifyClient and\nSSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. An attacker\ncould use this to cause a denial of service in the Apache child process. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n      Size/MD5:   130638 5d172b0ca228238e211940fad6b0935d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n      Size/MD5:     1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n      Size/MD5:  2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   834492 818915da9848657833480b1ead6b4a12\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   229578 9086ac3033e0425ecd150b31b377ee76\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   224594 85a4480344a072868758c466f6a98747\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   229128 446b52088b9744fb776e53155403a474\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   172850 17e4cd95ecb9d0390274fca9625c2e5e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   173636 b501407d01fa07e5807c28cd1db16cd7\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:    95454 a06ee30ec14b35003ebcb821624bc2af\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:    37510 4c063b1b8d831ea8a02d5ec691995dec\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   287048 9cdc7502ebc526d4bc7df9b59a9d8925\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   145624 4b613a57da2ca57678e8c8f0c1628556\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   787870 67b1855dc984e5296ac9580e2a2f0a0c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   204122 edf40b0ff5c1824b2d6232da247ce480\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   200060 6267a56fcef78f6300372810ce36ea41\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   203580 c487929bbf45b5a4dc3d035d86f7b3a0\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   172876 bae257127c3d137e407a7db744f3d57a\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   173660 9dd0e108ab4d3382799b29d901bf4502\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:    93410 d5d602c75a28873f1cd7523857e0dd80\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:    37508 22049e1ea8ea88259ff3f6e94482cfb3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   263066 43fa2ae3b43c4743c98c45ac22fb0250\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   133484 e70b7f81859cb92e0c50084e92216526\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   860622 6d386da8da90d363414846dbc7fa7f08\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   221470 8c207b379f7ba646c94759d3e9079dd4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   217132 069cab77278b101c3c4a5b172f36ba9b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   220968 2f6ba65769fc964eb6dfec8a842f7621\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   172874 89137c84b5a33f526daf3f8b4c047a7e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   173662 23e576721faccb4aef732cf98e2358d4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   105198 44f9e698567784555db7d7d971b9fce2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:    37518 fe7caa2a3cf6d4227ac34692de30635e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   282644 ec0306c04778cf8c8edd622aabb0363c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   142730 d43356422176ca29440f3e0572678093\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   211674 eb19532b9b759c806e9a95a4ffbfad9b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   210948 6d1d2357cec5b88c1c2269e5c16724bc\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   172882 d04dd123def1bc4cfbf2ac0095432eea\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   173662 6be46bbb9e92224020da49d657cb4cd4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:    94510 9df6ae07a9218d6159b1eebde5d58606\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:    37506 89856bb1433e67fb23c8d34423d3e0a5\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   269070 bf585dec777b0306cd80663c11b020df\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n      Size/MD5:   141838 37d5c93b425758839cbef5afea5353a2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n      Size/MD5:     1381 78c9a13cc2af0dbf3958a3fc98aeea84\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n      Size/MD5:  6125771 39a755eb0f584c279336387b321e3dfc\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:  1929318 d4faaf64c2c0af807848ea171a4efa90\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:    72920 065d63c19b22f0f7a8f7c28952b0b408\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:  6258048 33c48a093bbb868ea108a50c051437cf\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:    45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   253080 3c6467ee604002a5b8ebffff8554c568\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   252490 cf379a515d967d89d2009be9e06d4833\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   205592 af6cb62114d2e70bf859c32008a66433\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   141660 958585d6391847cd5a618464054f7d37\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   803974 76d23bd94465a2f96711dc1c41b31af0\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   236060 ad4c00dc10b406cc312982b7113fa468\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   231580 07ae6a192e6c859e49d48f2b2158df40\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   205594 73ec71599d4c8a42a69ac3099b9d50cf\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   206374 c1524e4fa8265e7eaac046b114b8c463\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   140644 379a125b8b5b51ff8033449755ab87b8\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   755574 9de96c8719740c2525e3c0cf7836d60b\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   235578 0265d4f6ccee2d7b5ee10cfff48fed08\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   231234 611499fb33808ecdd232e2c5350f6838\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   234738 d7757d2da2e542ce0fdad5994be1d8bd\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   205592 c10ac9eb401184c379b7993b6a62cde3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   206358 fc91c0159b096e744c42014e6e5f8909\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   749716 86ae389b81b057288ff3c0b69ef68656\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   254134 4337f858972022fa196c9a1f9bb724fb\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   249596 44a6e21ff8fa81d09dab19cab4caffdb\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   253698 f101a1709f21320716d4c9afb356f24f\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   205604 3f4d4f6733257a7037e35101ef792352\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   206386 06402188459de8dab5279b5bfef768fa\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   158390 0acffbdb7e5602b434c4f2805f8dc4d0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   237422 5651f53b09c0f36e1333c569980a0eb0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   233152 1165607c64c57c84212b6b106254e885\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   236606 bbe00d0707c279a16eca35258dd8f13a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   205598 76afcd4085fa6f39055a5a3f1ef34a43\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   206372 5c67270e0a19d1558cf17cb21a114833\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   143838 28e9c3811feeac70b846279e82c23430\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n      Size/MD5:   137715 0e8a6128ff37a1c064d4ce881b5d3df9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n      Size/MD5:     1788 5e3c3d53b68ea3053bcca3a5e19f5911\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n      Size/MD5:  6396996 80d3754fc278338033296f0d41ef2c04\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:  2041786 cd1e98fb2064bad51f7845f203a07d79\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:  6538578 32e07db65f1e7b3002aedc3afce1748c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:    45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   254968 f2004f847cc5cbc730599352ad1f7dc6\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   249196 fb001fc4f192e9b8ae1bb7161925413c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   254360 419b942bad4cf4d959afcfa3ce4314e2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:    84490 2a4df4b619debe549f48ac3e9e764305\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:    82838 215665711684d5b5dd04cdfa23d36462\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   209550 496d387e315370c0cd83489db663a356\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   147762 48061b9015c78b39b7afd834f4c81ae0\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   820242 3497441009bc9db76a87fd2447ba433c\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   241376 488812d1a311fd67dafd5b18b6813920\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   236082 9256681808703f40e822c81b53f4ce3e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   240668 2b6b7c11a88ed5a280f603305bee880e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   208532 e0eccceba6cae5fb12f431ff0283a23e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:    83922 ea5f69f36e344e493cce5d9c0bc69c46\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:    82320 0d9b2f9afff4b9efe924b59e9bb039ea\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   209554 f4e53148ae30d5c4f060d455e4f11f95\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   146596 5ed6a4af9378bacfb7d4a034d9923915\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   778564 ffd7752394933004094c13b00113b263\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   238358 4955c7d577496ea4f3573345fad028a4\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   232964 76aecf38baba17a8a968329b818ec74a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   208528 6672fb116e108687669c89197732fbb0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:    83870 b8f875f197017aec0fe8203c203065d7\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:    82296 d6724391ed540b351e2b660ba98af1ca\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   209550 263b43fb11c6d954d5a4bf7839e720a4\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   146282 a225b8d0f48e141eea28b2369d4595c0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   766494 454c737e191429c43ad3f28c9e0294a0\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   261510 d3e1155682726cc28859156e647d97b3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   260850 bc3cd7677cd630ac00424e73a3a6b343\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   208542 ae1cc6b1323832528ad8f0e7130ec87d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:    84558 68452b686e89320007e9c5367ce36345\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:    82908 2b8c5fc4bdec1017735dc16eba41d0a6\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   209562 a8da7487e3dcd1bdff008956728b8dd3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   161030 a5ffe07d5e3050c8a54c4fccd3732263\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   926240 8282583e86e84bd256959540f39a515d\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   246720 e54b4b9b354001a910ec9027dc90b0d2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   241280 1eea25472875056e34cd2c3283c60171\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   246024 5709e7421814ecfb83fff5804d429971\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   208528 25cdfd0177da7e5484d3d44f93257863\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:    84096 3ffbacffcc23ffc640a2ce05d35437bf\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:    82470 17d1ca84f9455c492013f4f754a1d365\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   209546 696ef3652703523aea6208a4e51e48f1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   150932 44c89e0249c85eed09b6f3a6a23db59d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n      Size/MD5:   141023 50d6737005a6d4fe601e223a39293f99\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n      Size/MD5:     1795 59720f4d7ad291c986d92ec120750c3d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n      Size/MD5:  6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:  2219326 d29c903489b894ddf88b23a0fec23e5c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:    46636 ee03585b00f277ed98c0de07a683317a\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:  6948222 a3505a83c13cf36c86248079127dd84d\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   259028 5e9bddefad4c58c3ef9fd15d7a06988d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   253218 ee1bfbb759ffade3a52a6782e2f4b66d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   258414 8ef063026de9790bac1965427ce1b584\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   213294 09701d434bd102e4205e551b4525afd1\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   214258 e98de48ea01e1132c5f1248a9a018745\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   151140 2f7c7f14b843b2c24de8c67356406449\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   826834 28abdf1c7be886e9be2825d351abaec7\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:    87818 670c62615e107920c45893b3377ab2a0\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:    86094 5a7c68fd37066287b4819cba4cfed1f2\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   245538 952540b7679ebc8d3ffc953f32d3be0f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   240048 08a7fd4888ffd9188890e57c613c4be7\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   244914 955bb5121da808d44aa994386d90723f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   213308 dd16143608ff8c41cb2d5cd27212a57e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   214280 1e1f5d6feef40413f823a19126a018e3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   150046 0769d86d26282d1d31615050ae5b8915\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   784198 8760e9c37147d0472dbbfe941c058829\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:    87182 21980cb1035d05f69b857870bbcbc085\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:    85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   242386 859ad63822b7e82c81cd6dcaca088c4a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   236924 200538ce94218c9d8af8532636bfd40a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   241822 3a3183ea4ee77d2677919d3b698f92a1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   213286 bf81273b1db0a4a621085171c2b2b421\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   214264 ed278dab71289d2baae2ea409382fbf8\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   149758 75f6e2d7bd1cdfe5b1806062c3c859df\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   773424 c7cdc26051bd9443ae25b73776537fb5\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:    87132 32e7ea89c96a0afce7ce1da457d947fb\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:    85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   265476 5d03fe6b2da8de98c876941ff78b066f\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   260478 3e3aeaaf496cc86c62a831c59994c1f2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   265154 5eae30e7a33c09b37483f3aab595d0e9\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   213314 879534ebabbb8be86b606e1800dc9cf8\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   214286 922033231a6aa67ecca1c400d47f09c1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   164444 74faf68f0baeffcd011155ca9b201039\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   932416 2911758e4ad1b3b401369621301ea76f\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:    87876 1d45c033ec5498c092f30188cf1d481e\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:    86154 52c1d8806d52fef6f43ab53662953953\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   250786 4e8e98dcba5543394ed5f07d141ce408\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   245094 a82bf04fc92b8c275b0c0f25cc81ff91\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   250110 092cf734813ae1d127d7b4f498f936c1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   213312 98d7062a6bdb58637f7e850b76bfbc80\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   214286 a378e2e0418631cec0f398379a446172\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   154284 ce8b7bbccd359675b70426df15becfed\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   789298 11f088b18425b97367d5bc141da2ef2f\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:    87384 477b6594866c8c73a8a3603e7e646c68\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:    85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n      Size/MD5:   185244 1ef59f9642bd9efa35e0808ea804cd0b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n      Size/MD5:     1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n      Size/MD5:  6678149 17f017b571f88aa60abebfe2945d7caf\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:  2246560 be12bcc117bf165ffd3401486186762e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2336 009d381342b0be5280835a46c91f01d9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2374 7545a3750acea08e95bee86f6a3247e2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2314 17719223d92d46821098ce178b5947d6\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:   284782 4321e3201d8e8d1a9e3c6fbe6864102b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     1424 7b4d96008368549d5600a8c1f64a7559\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2366 46add3d428c97fa69a8848a3e4025bb0\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   137080 91e4f72d0f1f0abe91555e1497558fc2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   138176 5fd6a5ed536306528f9f2c1a0281ad70\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   156646 cfa55666363303b3f44a24fa2929bf01\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:  1399630 82b36d57faa29a646e72a1125600c11c\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:    92488 ddebef9d1a537520380f85b63c512bef\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:    90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   137102 69dcd0519ca612e02102f52dcb50bf7f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   138200 17221b53903d664823a55faa1ec4d9a9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   155166 4347806710edff47fc051b4a68d5b448\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:  1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:    91876 289bf732dd4750a2ce61ab121b04b079\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:    90316 add7f446f6b524343c0066a486dd299a\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   137088 571e9f0370b5687acff25f71c4efe33e\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   138192 816a6e033f02114553bbb3627b9c6f9c\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   155090 af8272dc794250c30cd2f66b82486dc2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:  1290606 4c51de07f5a6fe9612de45369e6f35a5\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:    91830 06866386df811127f4fd71d6fb2a9e2a\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:    90312 9e68bd8111503135a4eae7265b0084ae\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   137096 61b24dbeb12d7998e5d7014c26410a99\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   138202 599898ff374bde8bfa388e2615064c5a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   161058 fea8f5b9a80bef9c4cb3405bc37160af\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:  1390150 fb1a244728a509586b77d02930fcf10f\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:    92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:    90774 82011ebc757d31e690698cf9913e3adc\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   137098 7f566dfade1678c72eac7dd923ab5987\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   138202 09fbc3145d768cf1f204d47b50e21528\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   159488 7cb6c81588adaee162b8c85a1f69e7a7\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:  1297936 106b0b71f5e928c1d543973b5b1f015b\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:    92166 28899fe31226880dfa961d8b05e8fa43\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:    90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. USN-990-1\nintroduced the new RFC5746 renegotiation extension in openssl, and\ncompletely resolves the issue. \n\nAfter updating openssl, an Apache server will allow both patched and\nunpatched web browsers to connect, but unpatched browsers will not be able\nto renegotiate. This update introduces the new SSLInsecureRenegotiation\ndirective for Apache that may be used to re-enable insecure renegotiations\nwith unpatched web browsers. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2009:323\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date    : December 7, 2009\n Affected: 2008.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\n in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\n cause a denial of service (memory consumption) via multiple calls, as\n demonstrated by initial SSL client handshakes to the Apache HTTP Server\n mod_ssl that specify a compression algorithm (CVE-2008-1678). Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\n is configured, does not properly handle an amount of streamed data\n that exceeds the Content-Length value, which allows remote attackers\n to cause a denial of service (CPU consumption) via crafted requests\n (CVE-2009-1890). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). \n \n The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\n the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13\n allows remote FTP servers to cause a denial of service (NULL pointer\n dereference and child process crash) via a malformed reply to an EPSV\n command (CVE-2009-3094). \n \n The mod_proxy_ftp module in the Apache HTTP Server allows remote\n attackers to bypass intended access restrictions and send arbitrary\n commands to an FTP server via vectors related to the embedding of these\n commands in the Authorization HTTP header, as demonstrated by a certain\n module in VulnDisco Pack Professional 8.11.  NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7  2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2  2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7  2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1  2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0  2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725  2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced  2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83  2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4  2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd  2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7  2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3  2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04  2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999  2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3  2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31  2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124  2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591  2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a  2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e  2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e  2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8  2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b  2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0  2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248  2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3  2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3  2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe  2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f  2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9  2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6  2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa  2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4  2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4  2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab  2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82  2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13  2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8  2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd  2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29  2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489  2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378  2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f  2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953  2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e  2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b  2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAruba Networks Security Advisory\n\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\n\nAruba Advisory ID: AID-020810\nRevision: 1.0\n\nFor Public Release on 02/08/2010\n\n+----------------------------------------------------\n\nSUMMARY\n\nThis advisory addresses the renegotiation related vulnerability\ndisclosed recently in Transport Layer Security protocol [1][2]. \n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. If a client browser (victim) is\nconfigured to authenticate to the WebUI over HTTPS using a client\ncertificate, an attacker can potentially use the victim\u0027s credentials\ntemporarily to execute arbitrary HTTP request for each initiation of an\nHTTPS session from the victim to the WebUI. This would happen without\nany HTTPS/TLS warnings to the victim. This condition can essentially be\nexploited by an attacker for command injection in beginning of a HTTPS\nsession between the victim and the ArubaOS WebUI. \n\nArubaOS itself does not initiate TLS renegotiation at any point and\nhence is only vulnerable to scenario where a client explicitly requests\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\nissue unless  somehow client certificates are being used to authenticate\ncaptive portal users. \n\nAFFECTED ArubaOS VERSIONS\n\n   2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\n2.4.8.x-FIPS\n\n\nCHECK IF YOU ARE VULNERABLE\n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\nconfiguration permits WebUI administration interface clients to connect\nusing either username/password or client certificates. If only one of\nthe two authentication method is allowed, this issue does not seem to apply. \n\nCheck if the following line appears in your configuration:\n\t\n\tweb-server mgmt-auth username/password certificate\n\nIf the exact line does not appear in the configuration, this issue does\nnot apply. \n\t\n\nDETAILS\n\nAn industry wide vulnerability was discovered in TLS protocol\u0027s\nrenegotiation feature, which allows a client and server who already have\na TLS connection to negotiate new session parameters and generate new\nkey material.  Renegotiation is carried out in the existing TLS\nconnection. However there is no cryptographic binding between the\nrenegotiated TLS session and the original TLS session. An attacker who\nhas established MITM between client and server may be able to take\nadvantage of this and inject arbitrary data into the beginning of the\napplication protocol stream protected by TLS. Specifically arbitrary\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\nblocks HTTPS session initiation between client and server, establishes\nHTTPS session with the server itself, injects HTTP data and initiates\nTLS renegotiation with the server. Then attacker allows the\nrenegotiation to occur between the client and the server. After\nsuccessful HTTPS session establishment with the server, now the client\nsends its HTTP request along with its HTTP credentials (cookie) to the\nserver. However due to format of attacker\u0027s injected HTTP data, the\nclient\u0027s HTTP request is not processed, rather the attacker\u0027s HTTP\nrequest gets executed with credentials of the client. The attacker is\nnot able to view the results of the injected HTTP request due to the\nfact that data between the client and the server is encrypted over\nHTTPS. \n\nArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected\nby this issue is the HTTPS WebUI administration interface. \n\nPre-requisites for this attack :\n 1. The attacker must be able to establish a MITM between the client and\nthe server (ArubaOS WebUI). \n 2. The attacker must be able to establish a successful HTTPS session\nwith the server (ArubaOS WebUI)\n 3. ArubaOS must be configured to allow certificate based HTTPS\nauthentication for WebUI clients (client certs). \n\nCaptive Portal users do not seem vulnerable to this issue unless somehow\nclient certificates are being used to authenticate captive portal users. \n\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n\nWORKAROUNDS\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. However, in the event that a patch\ncannot immediately be applied, the following steps will help to mitigate\nthe risk:\n\n- - - Disable certificate based HTTPS authentication (and only allow\nusername-password based authentication) for WebUI clients. Client\u0027s\nusername-password authentication POST request will prohibit attacker\u0027s\ninjected HTTP data from executing with client\u0027s cookie. \n     CLI command: web-server mgmt-auth username/password\n\n- - - Permit certificate based HTTPS authentication ONLY and disable\nusername-password based authentication to WebUI. This will prohibit\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\nwithout a valid client cert. \n\t CLI command: web-server mgmt-auth certificate\n\t\n\tNote: This step won\u0027t stop command injection from attackers who have\nvalid client certificates but their assigned management role privileges\nare lower than that of the admin. This attack may allow them to run\ncommands at higher privilege than what is permitted in their role. \n\n- - - Do not expose the Mobility Controller administrative interface to\nuntrusted networks such as the Internet. \n\n\n\nSOLUTION\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. \n\nThe following patches have the fix (any newer patch will also have the fix):\n\n- - - - 2.5.6.24\n- - - - 3.3.2.23\n- - - - 3.3.3.2\n- - - - 3.4.0.7\n- - - - 3.4.1.1\n- - - - RN 3.1.4\n\nPlease contact Aruba support for obtaining patched FIPS releases. \n\nPlease note: We highly recommend that you upgrade your Mobility\nController to the latest available patch on the Aruba support site\ncorresponding to your currently installed release. \n\n\nREFERENCES\n\n[1] http://extendedsubset.com/?p=8\n\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\n\n\n+----------------------------------------------------\n\nOBTAINING FIXED FIRMWARE\n\nAruba customers can obtain the firmware on the support website:\n\thttp://www.arubanetworks.com/support. \n\nAruba Support contacts are as follows:\n\n\t1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\n\n\t+1-408-754-1200 (toll call from anywhere in the world)\n\n\te-mail: support(at)arubanetworks.com\n\nPlease, do not contact either \"wsirt(at)arubanetworks.com\" or\n\"security(at)arubanetworks.com\" for software upgrades. \n\n\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\n\nThis vulnerability will be announced at\n\nAruba W.S.I.R.T. Advisory:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\nSecurityFocus Bugtraq\nhttp://www.securityfocus.com/archive/1\n\n\nSTATUS OF THIS NOTICE: Final\n\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\nin this advisory, all of the facts have been checked to the best of our\nability. Aruba Networks does not anticipate issuing updated versions of\nthis advisory unless there is some material change in the facts. Should\nthere be a significant change in the facts, Aruba Networks may update\nthis advisory. \n\nA stand-alone copy or paraphrase of the text of this security advisory\nthat omits the distribution URL in the following section is an uncontrolled\ncopy, and may lack important information or contain factual errors. \n\n\nDISTRIBUTION OF THIS ANNOUNCEMENT\n\nThis advisory will be posted on Aruba\u0027s website at:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\n\nFuture updates of this advisory, if any, will be placed on Aruba\u0027s worldwide\nwebsite, but may or may not be actively announced on mailing lists or\nnewsgroups. Users concerned about this problem are encouraged to check the\nabove URL for any updates. \n\n\nREVISION HISTORY\n\n      Revision 1.0 / 02-08-2010 / Initial release\n\n\nARUBA WSIRT SECURITY PROCEDURES\n\nComplete information on reporting security vulnerabilities in Aruba Networks\nproducts, obtaining assistance with security incidents is available at\n      http://www.arubanetworks.com/support/wsirt.php\n\n\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\ninformation we encourage the use of PGP encryption. Our public keys can be\nfound at\n\thttp://www.arubanetworks.com/support/wsirt.php\n\n\n      (c) Copyright 2010 by Aruba Networks, Inc. \nThis advisory may be redistributed freely after the release date given at\nthe top of the text, provided that redistributed copies are complete and\nunmodified, including all date and version information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.14 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\n=CrHf\n-----END PGP SIGNATURE-----\n. Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01963123\nVersion: 1\n\nHPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-12-21\nLast Updated: 2009-12-21\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The\n\nvulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following temporary software updates to resolve the vulnerability. \n\nNOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked\n\nlibraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the\n\nHP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here\n\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\nTo review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do\n\nThe depots are available are available using ftp. \nHost / Account / Password\n\nftp.usa.hp.com / sb02498 / Secure12\n\nHP-UX Release / Temporary Depot name / SHA-1 Sum\n\nB.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /\n 3B6BE547403C28926482192408D5D5AB603A403D\n\nB.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /\n 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7\n\nB.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /\n 1D65F7D49883399F4D202E16754CF7DAE71E3B47\n\nB.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /\n 943E21D4621B480B5E8E651ACB605B8F7EA47304\n\nB.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /\n B8836FDB73434A3C26FB411E3F7CB3211129E5AC\n\nMANUAL ACTIONS: Yes\nInstall Apache v2.0.59.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Apache IPv4 and IPv6\nHP-UX B.11.11\n=============\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.23\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.31\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 21 December 2009 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nReferences: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. \nThe upgrades are available from the following location. \n\nFor Debian 7 (wheezy) this update adds a missing part to make it\nactually possible to disable client-initiated renegotiation and\ndisables it by default (CVE-2009-3555). TLS compression is disabled\n(CVE-2012-4929), although this is normally already disabled by the OpenSSL\nsystem library. Finally it adds the ability to disable the SSLv3 protocol\n(CVE-2014-3566) entirely via the new \"DisableSSLv3\" configuration\ndirective, although it will not disabled by default in this update. \n\nFor Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555). \nThis update addresses that issue for jessie. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1. \n\nWe recommend that you upgrade your pound packages. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org Data Manipulation and Code Execution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40070\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40070/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nRELEASE DATE:\n2010-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40070/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40070/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to manipulate certain data or\ncompromise a user\u0027s system. \n\n1) An error in the TLS protocol while handling session\nre-negotiations in included libraries can be exploited to manipulate\nsession data. \n\nFor more information see vulnerability #1 in:\nSA37291\n\n2) An error when exploring python code through the scripting IDE can\nbe exploited to potentially execute arbitrary code. \n\nThe vulnerabilities are reported in versions prior to 3.2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2009-3555.html\nhttp://www.openoffice.org/security/cves/CVE-2010-0395.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This could force the server to\n process an attacker\u0026#039;s request as if authenticated using the victim\u0026#039;s\n credentials. \n \n The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,\n and 3.1.x before 3.1.7 does not properly consider timing side-channel\n attacks on a noncompliant MAC check operation during the processing\n of malformed CBC padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks via statistical\n analysis of timing data for crafted packets, a related issue to\n CVE-2013-0169 (CVE-2013-1619). \n \n The updated packages have been patched to correct these issues. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. \n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "PACKETSTORM",
        "id": "100765"
      },
      {
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "PACKETSTORM",
        "id": "84183"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "131826"
      },
      {
        "db": "PACKETSTORM",
        "id": "90344"
      },
      {
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      },
      {
        "db": "PACKETSTORM",
        "id": "89667"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "PACKETSTORM",
        "id": "97489"
      }
    ],
    "trust": 3.78
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-41001",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3555",
        "trust": 4.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#120541",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "40070",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "38781",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42377",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37501",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39632",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37604",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41972",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43308",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38241",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37859",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39292",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42816",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42379",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39317",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38020",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42467",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37320",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37640",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37656",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37383",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42724",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38003",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44183",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42733",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38484",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40545",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40866",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39242",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38056",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39278",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39243",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42808",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37675",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39127",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39461",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37453",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40747",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41490",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39628",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44954",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39500",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "48577",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42811",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37291",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41480",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37292",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37399",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39713",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37504",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39136",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41967",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023217",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023273",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023274",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023206",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023272",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023427",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023218",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023163",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023214",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023211",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023219",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023216",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1024789",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023148",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023213",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023271",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023243",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023209",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023215",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023208",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023411",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023204",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023224",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023210",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023207",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023426",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023428",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023205",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023275",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023270",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023212",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2745",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3353",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3069",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0086",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3354",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3484",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1793",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3310",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0982",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0033",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3220",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2010",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1639",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1107",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3126",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0916",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3164",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0032",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0086",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3313",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0748",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1350",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3521",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0994",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3086",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1191",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0173",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3587",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0933",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3205",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1054",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0848",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1673",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3165",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/05/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/07/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/23/10",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/05/5",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/20/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/06/3",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "65202",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "62210",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "60521",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "60972",
        "trust": 1.1
      },
      {
        "db": "HITACHI",
        "id": "HS10-030",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA10-222A",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA10-287A",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "36935",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-160-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95298925",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "88167",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "120714",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "97489",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131826",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "94088",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "89667",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "84183",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "86075",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "84181",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "10071",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "10579",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82657",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82770",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83271",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90262",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88173",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91309",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "120365",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106155",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83415",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83414",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92095",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "94087",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95279",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102374",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106156",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89136",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92497",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88621",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88698",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "84112",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127267",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114810",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "123380",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-069",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-67231",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "44292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100765",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90344",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111920",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "PACKETSTORM",
        "id": "100765"
      },
      {
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "db": "PACKETSTORM",
        "id": "97489"
      },
      {
        "db": "PACKETSTORM",
        "id": "84183"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "131826"
      },
      {
        "db": "PACKETSTORM",
        "id": "90344"
      },
      {
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      },
      {
        "db": "PACKETSTORM",
        "id": "89667"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "id": "VAR-200911-0398",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:54:40.707000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS11-006 Software product security information",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://extendedsubset.com/?p=8"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=780"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=786"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=789"
      },
      {
        "trust": 1.9,
        "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
      },
      {
        "trust": 1.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
      },
      {
        "trust": 1.9,
        "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
      },
      {
        "trust": 1.9,
        "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 1.2,
        "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
      },
      {
        "trust": 1.2,
        "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
      },
      {
        "trust": 1.1,
        "url": "http://securitytracker.com/id?1023148"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023163"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023204"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023205"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023206"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023207"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023208"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023209"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023210"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023211"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023212"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023213"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023214"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023215"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023216"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023217"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023218"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023219"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023224"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023243"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023270"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023271"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023272"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023273"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023274"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023275"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023411"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023426"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023427"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023428"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1024789"
      },
      {
        "trust": 1.1,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2009/nov/139"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/36935"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37291"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37292"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37320"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37383"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37399"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37453"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37501"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37504"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37604"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37640"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37656"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37675"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37859"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38003"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38020"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38056"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38241"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38484"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38781"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39127"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39136"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39242"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39243"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39278"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39292"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39317"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39461"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39500"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39628"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39632"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39713"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40070"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40545"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40747"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40866"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41480"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41490"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41967"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41972"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42377"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42379"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42467"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42724"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42733"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42808"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42811"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42816"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43308"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44183"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44954"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48577"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/60521"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/60972"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/62210"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/65202"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3164"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3165"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3205"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3220"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3310"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3313"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3353"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3354"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3484"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3521"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3587"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0086"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0173"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0748"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0848"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0916"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0933"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0982"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0994"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1054"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1107"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1191"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1350"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1639"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1673"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1793"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/2010"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/2745"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3069"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3086"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3126"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0032"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0033"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0086"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2009/dsa-1934"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2141"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3253"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
      },
      {
        "trust": 1.1,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
      },
      {
        "trust": 1.1,
        "url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/522176"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-1010-1"
      },
      {
        "trust": 1.1,
        "url": "http://ubuntu.com/usn/usn-923-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-4"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-5"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/120541"
      },
      {
        "trust": 1.1,
        "url": "http://openbsd.org/errata45.html#010_openssl"
      },
      {
        "trust": 1.1,
        "url": "http://openbsd.org/errata46.html#004_openssl"
      },
      {
        "trust": 1.1,
        "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
      },
      {
        "trust": 1.1,
        "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
      },
      {
        "trust": 1.1,
        "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
      },
      {
        "trust": 1.1,
        "url": "http://clicky.me/tlsvuln"
      },
      {
        "trust": 1.1,
        "url": "http://extendedsubset.com/renegotiating_tls.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://kbase.redhat.com/faq/docs/doc-20491"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4004"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4170"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4171"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100070150"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100081611"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100114315"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100114327"
      },
      {
        "trust": 1.1,
        "url": "http://support.citrix.com/article/ctx123359"
      },
      {
        "trust": 1.1,
        "url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
      },
      {
        "trust": 1.1,
        "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
      },
      {
        "trust": 1.1,
        "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
      },
      {
        "trust": 1.1,
        "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
      },
      {
        "trust": 1.1,
        "url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
      },
      {
        "trust": 1.1,
        "url": "http://www.betanews.com/article/1257452450"
      },
      {
        "trust": 1.1,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ingate.com/relnote.php?ver=481"
      },
      {
        "trust": 1.1,
        "url": "http://www.openssl.org/news/secadv_20091111.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.opera.com/docs/changelogs/unix/1060/"
      },
      {
        "trust": 1.1,
        "url": "http://www.opera.com/support/search/view/944/"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
      },
      {
        "trust": 1.1,
        "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.tombom.co.uk/blog/?p=85"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
      },
      {
        "trust": 1.1,
        "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
      },
      {
        "trust": 1.0,
        "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
      },
      {
        "trust": 1.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
      },
      {
        "trust": 0.8,
        "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/chngview?cn=18790"
      },
      {
        "trust": 0.8,
        "url": "http://www.links.org/files/no-renegotiation-2.patch"
      },
      {
        "trust": 0.8,
        "url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95298925/"
      },
      {
        "trust": 0.8,
        "url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.3,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44292/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/research/"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44292"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44292/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.18_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.18_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.18_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.7_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.7_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.11_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/support."
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/support/wsirt.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/archive/1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://www.openoffice.org/security/cves/cve-2010-0395.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40070/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/webinars/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40070/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.proftpd.org/show_bug.cgi?id=3324"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1619"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-6a3f2fa832db4ddf9b3398f04c"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-1b189d95582249b58d9ca94c45"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-4311cc1b61fd42a4874b13d714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "PACKETSTORM",
        "id": "100765"
      },
      {
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "db": "PACKETSTORM",
        "id": "97489"
      },
      {
        "db": "PACKETSTORM",
        "id": "84183"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "131826"
      },
      {
        "db": "PACKETSTORM",
        "id": "90344"
      },
      {
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      },
      {
        "db": "PACKETSTORM",
        "id": "89667"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "PACKETSTORM",
        "id": "100765"
      },
      {
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "db": "PACKETSTORM",
        "id": "97489"
      },
      {
        "db": "PACKETSTORM",
        "id": "84183"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "131826"
      },
      {
        "db": "PACKETSTORM",
        "id": "90344"
      },
      {
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      },
      {
        "db": "PACKETSTORM",
        "id": "89667"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "date": "2009-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "date": "2011-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "date": "2011-04-24T07:03:17",
        "db": "PACKETSTORM",
        "id": "100765"
      },
      {
        "date": "2009-11-19T18:46:00",
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "date": "2010-09-21T22:55:35",
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "date": "2009-12-07T21:57:59",
        "db": "PACKETSTORM",
        "id": "83521"
      },
      {
        "date": "2010-04-07T02:30:56",
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "date": "2010-02-09T18:53:40",
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "date": "2011-01-13T03:33:06",
        "db": "PACKETSTORM",
        "id": "97489"
      },
      {
        "date": "2009-12-22T20:50:12",
        "db": "PACKETSTORM",
        "id": "84183"
      },
      {
        "date": "2010-04-15T22:26:05",
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "date": "2015-05-08T13:32:34",
        "db": "PACKETSTORM",
        "id": "131826"
      },
      {
        "date": "2010-06-07T16:47:06",
        "db": "PACKETSTORM",
        "id": "90344"
      },
      {
        "date": "2009-12-22T20:42:09",
        "db": "PACKETSTORM",
        "id": "84181"
      },
      {
        "date": "2013-03-08T04:15:53",
        "db": "PACKETSTORM",
        "id": "120714"
      },
      {
        "date": "2010-05-19T05:44:26",
        "db": "PACKETSTORM",
        "id": "89667"
      },
      {
        "date": "2012-04-17T20:41:11",
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "date": "2009-11-09T17:30:00.407000",
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "date": "2022-06-13T05:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "date": "2023-02-13T02:20:27.983000",
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "120714"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SSL and TLS protocols renegotiation vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "82799"
      },
      {
        "db": "PACKETSTORM",
        "id": "94088"
      },
      {
        "db": "PACKETSTORM",
        "id": "86075"
      },
      {
        "db": "PACKETSTORM",
        "id": "120714"
      }
    ],
    "trust": 0.4
  }
}

var-201902-0192
Vulnerability from variot

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available to download as an OVA file from the Customer Portal. ========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida Garc\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. (CVE-2019-1563)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1

Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44

After a standard system update you need to reboot your computer to make all the necessary changes. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: 0-byte record padding oracle (CVE-2019-1559)

  • openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm

ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm

s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-19.el7.src.rpm

x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):

1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions 1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service 1702223 - Rebase RHV-H on RHEL 7.7 1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment 1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc 1720156 - RHVH 4.3.4 version info is incorrect in plymouth and "/etc/os-release" 1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe 1720310 - RHV-H post-installation scripts failing, due to existing tags 1720434 - RHVH 7.7 brand is wrong in Anaconda GUI. 1720435 - Failed to install RHVH 7.7 1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation. 1724044 - Failed dependencies occur during install systemtap package. 1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer 1727007 - Update RHVH 7.7 branding with new Red Hat logo 1727859 - Failed to boot after upgrading a host with a custom kernel 1728998 - "nodectl info" displays error after RHVH installation 1729023 - The error message is inappropriate when run imgbase layout --init on current layout

This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt. It was reported to OpenSSL on 10th December 2018.

Note: Advisory updated to make it clearer that AEAD ciphersuites are not impacted.

Note

OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20190226.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0192",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "hyper converged infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-iq centralized management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "7.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "services tools bundle",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.2"
      },
      {
        "model": "a800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.0"
      },
      {
        "model": "storagegrid",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.0.0"
      },
      {
        "model": "a220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.0.20"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "model": "communications performance intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.4.0.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.3"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "traffix signaling delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.0.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.7.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "c190",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.6.4"
      },
      {
        "model": "traffix signaling delivery controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "5.1.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.43"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ontap select deploy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "threat intelligence exchange server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "3.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-iq centralized management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "7.0.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.17.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.5"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "nessus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.2.3"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0.0"
      },
      {
        "model": "traffix signaling delivery controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.1.8"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.0.0"
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "9.0.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "model": "virtualization host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.3.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.14"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "9.0.2"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "snapdrive",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "storage automation store",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "model": "smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "8.1.0"
      },
      {
        "model": "threat intelligence exchange server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2.0.0"
      },
      {
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-iq centralized management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.0.0"
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "storagegrid",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.0.4"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "fas2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.4"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "model": "fas2720",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "web gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.0.0"
      },
      {
        "model": "big-iq centralized management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9.5"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "storagegrid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "mysql workbench",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.16"
      },
      {
        "model": "data exchange layer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "4.0.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "cn1610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.15.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.25"
      },
      {
        "model": "a320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.3"
      },
      {
        "model": "service processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "data exchange layer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.5"
      },
      {
        "model": "agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.6.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "paloaltonetworks",
        "version": "7.1.15"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.8.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2r"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "job management system partern 1/automatic job management system 3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "storagegrid webscale",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "nessus",
        "scope": null,
        "trust": 0.8,
        "vendor": "tenable",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "traffix sdc",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "jp1/data highway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "santricity smi-s provider",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ontap select deploy",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "snapdrive",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand unified manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hyper converged infrastructure",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "element software",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2r",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.4",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionStartIncluding": "7.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "versionStartIncluding": "9.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.3",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.0",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.0",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.4",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.0",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.0",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.15",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.25",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.43",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.14",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.20",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.8",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.2",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.15",
                "versionStartIncluding": "7.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.1",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.17.0",
                "versionStartIncluding": "6.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.15.1",
                "versionStartIncluding": "8.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt,Red Hat,Slackware Security Team,Juraj Somorovsky",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-1559",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-1559",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-147651",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-1559",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-1559",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-956",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-147651",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-1559",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available\nto download as an OVA file from the Customer Portal. ==========================================================================\nUbuntu Security Notice USN-4376-2\nJuly 09, 2020\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Cesar Pereida Garc\\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,\n Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL\n incorrectly handled ECDSA signatures. An attacker could possibly use this\n issue to perform a timing side-channel attack and recover private ECDSA\n keys. A remote attacker could possibly use this issue to decrypt\n data. (CVE-2019-1559)\n\n Bernd Edlinger discovered that OpenSSL incorrectly handled certain\n decryption functions. (CVE-2019-1563)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  libssl1.0.0                     1.0.1f-1ubuntu2.27+esm1\n\nUbuntu 12.04 ESM:\n  libssl1.0.0                     1.0.1-4ubuntu5.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: openssl security and bug fix update\nAdvisory ID:       RHSA-2019:2304-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2304\nIssue date:        2019-08-06\nCVE Names:         CVE-2018-0734 CVE-2019-1559\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-19.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-devel-1.0.2k-19.el7.ppc.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64.rpm\nopenssl-libs-1.0.2k-19.el7.ppc.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-19.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-devel-1.0.2k-19.el7.s390.rpm\nopenssl-devel-1.0.2k-19.el7.s390x.rpm\nopenssl-libs-1.0.2k-19.el7.s390.rpm\nopenssl-libs-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64.rpm\nopenssl-static-1.0.2k-19.el7.ppc.rpm\nopenssl-static-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-static-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-perl-1.0.2k-19.el7.s390x.rpm\nopenssl-static-1.0.2k-19.el7.s390.rpm\nopenssl-static-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2019-1559\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97\nfW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM\nWQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM\nB39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q\n/LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ\nuX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F\nJbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A\ngLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0\nveL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x\nIcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx\nzBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm\nBtpJTAdr1kE=7kKR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host\n(4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):\n\n1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions\n1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n1702223 - Rebase RHV-H on RHEL 7.7\n1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment\n1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc\n1720156 - RHVH 4.3.4 version info is incorrect in plymouth and \"/etc/os-release\"\n1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe\n1720310 - RHV-H post-installation scripts failing, due to existing tags\n1720434 - RHVH 7.7 brand is wrong in Anaconda GUI. \n1720435 - Failed to install RHVH 7.7\n1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation. \n1724044 - Failed dependencies occur during install systemtap package. \n1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer\n1727007 - Update RHVH 7.7 branding with new Red Hat logo\n1727859 - Failed to boot after upgrading a host with a custom kernel\n1728998 - \"nodectl info\" displays error after RHVH installation\n1729023 - The error message is inappropriate when run `imgbase layout --init` on current layout\n\n6. \n\nThis issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,\nwith additional investigation by Steven Collison and Andrew Hourselt. It was\nreported to OpenSSL on 10th December 2018. \n\nNote: Advisory updated to make it clearer that AEAD ciphersuites are not impacted. \n\nNote\n====\n\nOpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support\nfor 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th\nSeptember 2019. Users of these versions should upgrade to OpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20190226.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "PACKETSTORM",
        "id": "154008"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1559",
        "trust": 3.4
      },
      {
        "db": "TENABLE",
        "id": "TNS-2019-03",
        "trust": 1.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2019-02",
        "trust": 1.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10282",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "107174",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "151886",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158377",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155415",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3729",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0102",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2383",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3462",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0487",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4083",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0620",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0751.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4558",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0192",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0032",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4255",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4297",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0666",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4405",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3390.4",
        "trust": 0.6
      },
      {
        "db": "PULSESECURE",
        "id": "SA44019",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "151885",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "151918",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154042",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-147651",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154009",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155413",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154008",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169635",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "PACKETSTORM",
        "id": "154008"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "id": "VAR-201902-0192",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      }
    ],
    "trust": 0.36447732666666666
  },
  "last_update_date": "2024-07-23T20:34:36.580000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2019-132 Software product security information",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3899-1/"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89673"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192471 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3899-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4400-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=675a6469b3fad3c9a56addc922ae8d9d"
      },
      {
        "title": "Red Hat: Moderate: rhvm-appliance security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192439 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Virtualization security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192437 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2019-1559",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-1559"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201903-2] openssl-1.0: information disclosure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-2"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201903-6] lib32-openssl-1.0: information disclosure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-6"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-1559"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1362",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=884ffe1be805ead0a804f06f7c14072c"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1092f7b64100b0110232688947fb97ed"
      },
      {
        "title": "IBM: IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b4ff04f16b62df96980d37251dc9ae0"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7856a174f729c96cf2ba970cfef5f604"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04a72ac59f1cc3a5b02c155d941c5cfd"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9c55c211aa2410823d4d568143afa117"
      },
      {
        "title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c233af3070d7248dcbafadb6b367e2a1"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c0b11f80d1ecd798a97f3bda2b68f830"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12860155d0bf31ea6e2e3ffcef7ea7e0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2709308a62e1e2fafc2e4989ef440aa3"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67"
      },
      {
        "title": "IBM: IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE\u2019s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=aae1f2192c5cf9375ed61f7a27d08f64"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8b00742d4b57e0eaab4fd3f9a2125634"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 and LCM8 \u0026 LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ca67e77b9edd2ad304d2f2da1853223f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-112"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in JP1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-132"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
      },
      {
        "title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the April 2019 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f1bd0287d0770973261ab8500c6982b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus \u0026 IBM App Connect Enterprise V11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1a7cb34592ef045ece1d2b32c150f2a2"
      },
      {
        "title": "IBM: IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=28830011b173eee360fbb2a55c68c9d3"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8db7a9036f52f1664d12ac73d7a3506f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b74f45222d8029af7ffef49314f6056"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-03"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Automatic Job Management System 3 - Web Operation Assistant",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-121"
      },
      {
        "title": "Palo Alto Networks Security Advisory: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=217c2f4028735d91500e325e8ba1cbba"
      },
      {
        "title": "Palo Alto Networks Security Advisory: CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=a16107c1f899993837417057168db200"
      },
      {
        "title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1e6142e07a3e9637110bdfa17e331459"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a47e10150b300f15d2fd55b9cdaed12d"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-02"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-1559 "
      },
      {
        "title": "Centos-6-openssl-1.0.1e-58.pd1trfir",
        "trust": 0.1,
        "url": "https://github.com/datourist/centos-6-openssl-1.0.1e-58.pd1trfir "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tls-attacker/tls-padding-oracles "
      },
      {
        "title": "TLS-Padding-Oracles",
        "trust": 0.1,
        "url": "https://github.com/rub-nds/tls-padding-oracles "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.securityfocus.com/bid/107174"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3929"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3931"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
      },
      {
        "trust": 2.0,
        "url": "https://access.redhat.com/errata/rhsa-2019:2304"
      },
      {
        "trust": 1.9,
        "url": "https://www.openssl.org/news/secadv/20190226.txt"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:2437"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:2439"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3899-1/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2019-02"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2019-03"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4400"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201903-10"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:2471"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4376-2/"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10282"
      },
      {
        "trust": 1.2,
        "url": "https://support.f5.com/csp/article/k18549143"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
      },
      {
        "trust": 0.6,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory30.asc"
      },
      {
        "trust": 0.6,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44019/?l=en_us\u0026atype=sa\u0026fs=search\u0026pn=1\u0026atype=sa"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/rub-nds/tls-padding-oracles"
      },
      {
        "trust": 0.6,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://support.symantec.com/us/en/article.symsa1490.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170328"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170340"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170334"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170322"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170352"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170346"
      },
      {
        "trust": 0.6,
        "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/"
      },
      {
        "trust": 0.6,
        "url": "https://usn.ubuntu.com/4212-1/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115655"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115649"
      },
      {
        "trust": 0.6,
        "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/   hitachi-sec-2019-132/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2016771"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2020677"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/2027745"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1126581"
      },
      {
        "trust": 0.6,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ubuntu.com/usn/usn-3899-1"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76438"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4405/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1116357"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4558/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3729/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76230"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0032/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0487/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115643"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/openssl-1-0-2-information-disclosure-via-0-byte-record-padding-oracle-28600"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/3517185"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1167202"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-missing-a-required-cryptographic-step-cve-2019-1559/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0192/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3462/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155415/red-hat-security-advisory-2019-3929-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520674"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76782"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-the-following-opensll-vulnerability/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2383/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4255/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4297/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1143442"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1105965"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158377/ubuntu-security-notice-usn-4376-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106553"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affect-ibm-netezza-host-management/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151886/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-1559"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-16881"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16881"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-10072"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0221"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10282"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59697"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4376-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4376-2"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3899-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10139"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10139"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "PACKETSTORM",
        "id": "154008"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "db": "PACKETSTORM",
        "id": "154008"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "date": "2019-02-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "date": "2019-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "date": "2019-08-12T17:13:13",
        "db": "PACKETSTORM",
        "id": "154009"
      },
      {
        "date": "2020-07-09T18:42:27",
        "db": "PACKETSTORM",
        "id": "158377"
      },
      {
        "date": "2019-11-20T20:32:22",
        "db": "PACKETSTORM",
        "id": "155413"
      },
      {
        "date": "2019-02-27T19:19:00",
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "date": "2019-11-20T20:44:44",
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "date": "2019-08-06T21:09:19",
        "db": "PACKETSTORM",
        "id": "153932"
      },
      {
        "date": "2019-08-12T17:13:02",
        "db": "PACKETSTORM",
        "id": "154008"
      },
      {
        "date": "2019-02-26T12:12:12",
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "date": "2019-02-27T23:29:00.277000",
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147651"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1559"
      },
      {
        "date": "2021-07-15T06:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      },
      {
        "date": "2022-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      },
      {
        "date": "2023-11-07T03:08:30.953000",
        "db": "NVD",
        "id": "CVE-2019-1559"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "151885"
      },
      {
        "db": "PACKETSTORM",
        "id": "169635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002098"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-956"
      }
    ],
    "trust": 0.6
  }
}

var-202103-1464
Vulnerability from variot

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)

  • Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)

  • Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)

  • Previously, the PVCs could not be provisioned as the rook-ceph-mds did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument --public-addr=podIP is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558)

  • Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the mds_cache_memory_limit argument during upgrades. With this update, the mds_cache_memory_limit argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348)

  • Previously, the coredumps were not generated in the correct location as rook was setting the config option log_file to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the log_file to build the dump path. With this update, rook does not set the log_file and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under /var/log/ceph/. (BZ#1938049)

  • Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)

  • Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod

Bug Fix(es):

  • WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)

  • LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)

  • Telemetry info not completely available to identify windows nodes (BZ#1955319)

  • WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)

  • kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)

  • Solution:

For Windows Machine Config Operator upgrades, see the following documentation:

https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service

  1. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/

Security:

  • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

  • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

  • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

  • redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

  • redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)

  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing

  • -u- extension (CVE-2020-28851)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

  • nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)

  • oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)

  • redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

  • nodejs-lodash: command injection via template (CVE-2021-23337)

  • nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

  • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

  • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)

  • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

  • nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)

  • grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

  • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

  • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

  • ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

  • html-parse-stringify: Regular Expression DoS (CVE-2021-23346)

  • openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

  • RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)

  • cluster became offline after apiserver health check (BZ# 1942589)

  • Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

  1. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:0055

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
  • grafana: Snapshot authentication bypass (CVE-2021-39226)
  • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
  • nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
  • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
  • grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
  • grafana: directory traversal vulnerability (CVE-2021-43813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64

The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x

The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le

The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

  1. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - oc whoami --show-console should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the --max-icsp-size flag of oc adm catalog mirror 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch. labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi- symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report Upgradeable: false when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console Helm tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig --image= -- " 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin- 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user Create VM missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - oc adm prune deployments does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - oc adm prune deployments can prune the RC/RS 2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The default project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 2039359 - oc adm prune deployments can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use cp instead of cat when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

  1. ========================================================================== Ubuntu Security Notice USN-5038-1 August 12, 2021

postgresql-10, postgresql-12, postgresql-13 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description: - postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database

Details:

It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. (CVE-2021-3677)

It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04: postgresql-13 13.4-0ubuntu0.21.04.1

Ubuntu 20.04 LTS: postgresql-12 12.8-0ubuntu0.20.04.1

Ubuntu 18.04 LTS: postgresql-10 10.18-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

Security Fix(es):

  • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
  • golang: net: lookup functions may return invalid host names (CVE-2021-33195)
  • golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
  • golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
  • golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
  • golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
  • golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

5. OpenSSL Security Advisory [25 March 2021]

CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

Severity: High

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default.

Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check.

An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.

If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application.

In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.

This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was developed by Tomáš Mráz.

This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was developed by Peter Kästle and Samuel Sapalski from Nokia.

Note

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20210325.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nessus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.13.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "mysql workbench",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "scalance s627-2m",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "sonicos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "7.0.1.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.12.0"
      },
      {
        "model": "scalance xr-300wg",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.15"
      },
      {
        "model": "quantum security management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r81"
      },
      {
        "model": "scalance xp-200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "sinamics connect 300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xc-200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "simatic net cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic net cp 1542sp-1 irc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.13.0"
      },
      {
        "model": "scalance xr526-8c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "simatic net cp1243-7 lte us",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "scalance w700",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.5"
      },
      {
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "model": "scalance xr552-12",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.4"
      },
      {
        "model": "simatic mv500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance xm-400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.4"
      },
      {
        "model": "scalance s615",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.2"
      },
      {
        "model": "tia administrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "log correlation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "6.0.9"
      },
      {
        "model": "multi-domain management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r80.40"
      },
      {
        "model": "capture client",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "3.5"
      },
      {
        "model": "simatic cloud connect 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.19"
      },
      {
        "model": "simatic pcs neo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic rf186c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1200 cpu 1212c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 1242-7 gprs v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic s7-1200 cpu 1215 fc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic logon",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.2"
      },
      {
        "model": "simatic logon",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "simatic hmi basic panels 2nd generation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "quantum security gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r81"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.16.1"
      },
      {
        "model": "primavera unifier",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "simatic rf188ci",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sinec nms",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.0.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.12.1"
      },
      {
        "model": "scalance xr524-8c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.4"
      },
      {
        "model": "tim 1531 irc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "sinec pni",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "storagegrid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.22.1"
      },
      {
        "model": "communications communications policy management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.0.0.0"
      },
      {
        "model": "scalance s612",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.0.0"
      },
      {
        "model": "sinumerik opc ua server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.2.10"
      },
      {
        "model": "e-series performance analyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "simatic cp 1242-7 gprs v2",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "tenable.sc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.17.0"
      },
      {
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.24.0"
      },
      {
        "model": "jd edwards world security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "a9.4"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic process historian opc ua server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019"
      },
      {
        "model": "simatic net cp 1545-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "ruggedcom rcm1224",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.19"
      },
      {
        "model": "simatic cloud connect 7",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "scalance xr528-6m",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.4"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.14.0"
      },
      {
        "model": "cloud volumes ontap mediator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "multi-domain management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r81"
      },
      {
        "model": "scalance xf-200ba",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12"
      },
      {
        "model": "scalance m-800",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1k"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "14.15.0"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "scalance lpe9403",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance sc-600",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "quantum security management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r80.40"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.3.5"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "sma100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.2.1.0-17sv"
      },
      {
        "model": "simatic rf186ci",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12"
      },
      {
        "model": "sinema server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "14.0"
      },
      {
        "model": "simatic net cp 1243-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "simatic s7-1200 cpu 1217c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "primavera unifier",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "simatic rf185c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tenable.sc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.13.0"
      },
      {
        "model": "santricity smi-s provider",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.12"
      },
      {
        "model": "simatic s7-1200 cpu 1211c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "scalance s623",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "simatic s7-1200 cpu 1215c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "9.2.10"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0.2"
      },
      {
        "model": "simatic rf166c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "model": "simatic net cp 1543sp-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.1.1"
      },
      {
        "model": "scalance w1700",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.33"
      },
      {
        "model": "simatic s7-1200 cpu 1212fc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic net cp1243-7 lte eu",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "simatic wincc telecontrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic net cp 1243-8 irc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "simatic pcs 7 telecontrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "15.14.0"
      },
      {
        "model": "simatic rf360r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "sma100",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.2.0.0"
      },
      {
        "model": "scalance xb-200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "scalance s602",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.0.0"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.0"
      },
      {
        "model": "quantum security gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "r80.40"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "nessus network monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.11.1"
      },
      {
        "model": "essbase",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.2"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.3.1.2"
      },
      {
        "model": "mysql connectors",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.23"
      },
      {
        "model": "secure backup",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1.0.1.0"
      },
      {
        "model": "simatic net cp 1543-1",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2"
      },
      {
        "model": "simatic s7-1200 cpu 1214 fc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "web gateway cloud service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.1.1"
      },
      {
        "model": "simatic rf188c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic s7-1200 cpu 1214c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "enterprise manager for storage management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "simatic pdm",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.1.0.7"
      },
      {
        "model": "hitachi ops center analyzer viewpoint",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "storagegrid",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "quantum security gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      },
      {
        "model": "tenable.sc",
        "scope": null,
        "trust": 0.8,
        "vendor": "tenable",
        "version": null
      },
      {
        "model": "nessus",
        "scope": null,
        "trust": 0.8,
        "vendor": "tenable",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hitachi ops center common services",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "santricity smi-s provider",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
        "version": null
      },
      {
        "model": "e-series performance analyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "jp1/file transmission server/ftp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "quantum security management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "web gateway cloud service",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
        "version": null
      },
      {
        "model": "multi-domain management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1k",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.17.0",
                "versionStartIncluding": "5.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "versionStartIncluding": "8.0.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.1.0.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.1.0-17sv",
                    "versionStartIncluding": "10.2.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:capture_client:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:7.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.0",
                    "versionStartIncluding": "2.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "9.1.0.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "2019",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.2",
                    "versionStartIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_logon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionStartIncluding": "1.6.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_pni:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinumerik_opc_ua_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.14.0",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.12.0",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.16.1",
                "versionStartIncluding": "14.15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.22.1",
                "versionStartIncluding": "12.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.24.0",
                "versionStartIncluding": "10.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.14.0",
                "versionStartIncluding": "15.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-3449",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-3449",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-388130",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-3449",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-3449",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-388130",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-3449",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. \nExploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. \nThis advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID:       RHSA-2022:0056-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0056\nIssue date:        2022-03-10\nCVE Names:         CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n                   CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n                   CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n                   CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n                   CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n                   CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n                   CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n                   CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n                   CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n                   CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n                   CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n                   CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n                   CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n                   CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n                   CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n                   CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n                   CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n                   CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n                   CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n                   CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n                   CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n                   CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n                   CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n                   CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n                   CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n                   CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n                   CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n                   CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n                   CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for  additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027  is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027  is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\"  in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027  is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node,  lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi  after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal]  The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs -  fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log  of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI  OSP16 OVN  IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027  ENV  which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI  start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation]  add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws  bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset  for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer:  ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift  clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on  self._get_vip_port(loadbalancer).id   \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10]  sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs :  Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization  : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All,  data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack  (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure -  Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image  Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list  and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the  deleted EgressIP object got  InvalidEgressIP  warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD:  prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) -  no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server  makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN  Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain  olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking -  networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS  where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR  is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to  attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error  \"unable to pull manifest from example.com/busy.box:v5  invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. ==========================================================================\nUbuntu Security Notice USN-5038-1\nAugust 12, 2021\n\npostgresql-10, postgresql-12, postgresql-13 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PostgreSQL. \n\nSoftware Description:\n- postgresql-13: Object-relational SQL database\n- postgresql-12: Object-relational SQL database\n- postgresql-10: Object-relational SQL database\n\nDetails:\n\nIt was discovered that the PostgresQL planner could create incorrect plans\nin certain circumstances. A remote attacker could use this issue to cause\nPostgreSQL to crash, resulting in a denial of service, or possibly obtain\nsensitive information from memory. (CVE-2021-3677)\n\nIt was discovered that PostgreSQL incorrectly handled certain SSL\nrenegotiation ClientHello messages from clients. A remote attacker could\npossibly use this issue to cause PostgreSQL to crash, resulting in a denial\nof service. (CVE-2021-3449)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  postgresql-13                   13.4-0ubuntu0.21.04.1\n\nUbuntu 20.04 LTS:\n  postgresql-12                   12.8-0ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n  postgresql-10                   10.18-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart PostgreSQL to\nmake all the necessary changes. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5. OpenSSL Security Advisory [25 March 2021]\n=========================================\n\nCA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n========================================================================\n\nSeverity: High\n\nThe X509_V_FLAG_X509_STRICT flag enables additional security checks of the\ncertificates present in a certificate chain. It is not set by default. \n\nStarting from OpenSSL version 1.1.1h a check to disallow certificates in\nthe chain that have explicitly encoded elliptic curve parameters was added\nas an additional strict check. \n\nAn error in the implementation of this check meant that the result of a\nprevious check to confirm that certificates in the chain are valid CA\ncertificates was overwritten. This effectively bypasses the check\nthat non-CA certificates must not be able to issue other certificates. \n\nIf a \"purpose\" has been configured then there is a subsequent opportunity\nfor checks that the certificate is a valid CA.  All of the named \"purpose\"\nvalues implemented in libcrypto perform this check.  Therefore, where\na purpose is set the certificate chain will still be rejected even when the\nstrict flag has been used. A purpose is set by default in libssl client and\nserver certificate verification routines, but it can be overridden or\nremoved by an application. \n\nIn order to be affected, an application must explicitly set the\nX509_V_FLAG_X509_STRICT verification flag and either not set a purpose\nfor the certificate verification or, in the case of TLS client or server\napplications, override the default purpose. \n\nThis issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk\nfrom Akamai and was discovered by Xiang Ding and others at Akamai. The fix was\ndeveloped by Tom\u00e1\u0161 Mr\u00e1z. \n\nThis issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was\ndeveloped by Peter K\u00e4stle and Samuel Sapalski from Nokia. \n\nNote\n====\n\nOpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended\nsupport is available for premium support customers:\nhttps://www.openssl.org/support/contracts.html\n\nOpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163815"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "PACKETSTORM",
        "id": "169659"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-3449",
        "trust": 2.9
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-06",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-09",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-05",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-10",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/28/3",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/27/2",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/28/4",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/03/27/1",
        "trust": 1.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-772220",
        "trust": 1.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.2
      },
      {
        "db": "PULSESECURE",
        "id": "SA44845",
        "trust": 1.2
      },
      {
        "db": "MCAFEE",
        "id": "SB10356",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU92126369",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162197",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "163257",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162183",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162114",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162076",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162350",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162041",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162013",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162383",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162699",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162189",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162172",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161984",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162307",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162200",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-99170",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-388130",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-104-05",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163209",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166279",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164192",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169659",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163815"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "PACKETSTORM",
        "id": "169659"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "id": "VAR-202103-1464",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      }
    ],
    "trust": 0.6431162642424243
  },
  "last_update_date": "2024-07-23T21:43:25.615000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2021-119 Software product security information",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2021/dsa-4875"
      },
      {
        "title": "Debian Security Advisories: DSA-4875-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b5207bd1e788bc6e8d94f410cf4801bc"
      },
      {
        "title": "Red Hat: CVE-2021-3449",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-3449"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1622",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1622"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-3449 log"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-openssl-2021-ghy28djd"
      },
      {
        "title": "Hitachi Security Advisories: Vulnerability in JP1/Base and JP1/ File Transmission Server/FTP",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-130"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.18.0 Fixes One Third-party Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-06"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-05"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-117"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09"
      },
      {
        "title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-10"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory"
      },
      {
        "title": "CVE-2021-3449 OpenSSL \u003c1.1.1k DoS exploit",
        "trust": 0.1,
        "url": "https://github.com/terorie/cve-2021-3449 "
      },
      {
        "title": "CVE-2021-3449 OpenSSL \u003c1.1.1k DoS exploit",
        "trust": 0.1,
        "url": "https://github.com/gitchangye/cve "
      },
      {
        "title": "NSAPool-PenTest",
        "trust": 0.1,
        "url": "https://github.com/alicemongodin/nsapool-pentest "
      },
      {
        "title": "Analysis of attack vectors for embedded Linux",
        "trust": 0.1,
        "url": "https://github.com/fefi7/attacking_embedded_linux "
      },
      {
        "title": "openssl-cve",
        "trust": 0.1,
        "url": "https://github.com/yonhan3/openssl-cve "
      },
      {
        "title": "CVE-Check",
        "trust": 0.1,
        "url": "https://github.com/falk-werner/cve-check "
      },
      {
        "title": "SEEKER_dataset",
        "trust": 0.1,
        "url": "https://github.com/sf4bin/seeker_dataset "
      },
      {
        "title": "Year of the Jellyfish (YotJF)",
        "trust": 0.1,
        "url": "https://github.com/rnbochsr/yr_of_the_jellyfish "
      },
      {
        "title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
      },
      {
        "title": "TASSL-1.1.1k",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1k "
      },
      {
        "title": "Trivy by Aqua security\nRefer this official repository for explore  Trivy Action",
        "trust": 0.1,
        "url": "https://github.com/scholarnishu/trivy-by-aquasecurity "
      },
      {
        "title": "Trivy by Aqua security\nRefer this official repository for explore  Trivy Action",
        "trust": 0.1,
        "url": "https://github.com/thecyberbaby/trivy-by-aquasecurity "
      },
      {
        "title": "\ud83d\udc31 Catlin Vulnerability Scanner \ud83d\udc31",
        "trust": 0.1,
        "url": "https://github.com/vinamra28/tekton-image-scan-trivy "
      },
      {
        "title": "DEVOPS + ACR + TRIVY",
        "trust": 0.1,
        "url": "https://github.com/arindam0310018/04-apr-2022-devops__scan-images-in-acr-using-trivy "
      },
      {
        "title": "Trivy Demo",
        "trust": 0.1,
        "url": "https://github.com/fredrkl/trivy-demo "
      },
      {
        "title": "GitHub Actions CI App Pipeline",
        "trust": 0.1,
        "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc "
      },
      {
        "title": "Awesome Stars",
        "trust": 0.1,
        "url": "https://github.com/taielab/awesome-hacking-lists "
      },
      {
        "title": "podcast-dl-gael",
        "trust": 0.1,
        "url": "https://github.com/githubforsnap/podcast-dl-gael "
      },
      {
        "title": "sec-tools",
        "trust": 0.1,
        "url": "https://github.com/matengfei000/sec-tools "
      },
      {
        "title": "sec-tools",
        "trust": 0.1,
        "url": "https://github.com/anquanscan/sec-tools "
      },
      {
        "title": "\u66f4\u65b0\u4e8e 2023-11-27 08:36:01\n\u5b89\u5168\n\u5f00\u53d1\n\u672a\u5206\u7c7b\n\u6742\u4e03\u6742\u516b",
        "trust": 0.1,
        "url": "https://github.com/20142995/sectool "
      },
      {
        "title": "Vulnerability",
        "trust": 0.1,
        "url": "https://github.com/tzwlhack/vulnerability "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/manas3c/cve-poc "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/03/25/openssl_bug_fix/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
      },
      {
        "trust": 1.3,
        "url": "https://www.openssl.org/news/secadv/20210325.txt"
      },
      {
        "trust": 1.3,
        "url": "https://www.debian.org/security/2021/dsa-4875"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
      },
      {
        "trust": 1.2,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
      },
      {
        "trust": 1.2,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-05"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-06"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-09"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2021-10"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202103-03"
      },
      {
        "trust": 1.2,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.2,
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92126369/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/terorie/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-05"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2479"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23240"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3139"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23239"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3528"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30761"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27781"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0055"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41190"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25660"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21684"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39226"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9952"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25677"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1200"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5038-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3677"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.18-0ubuntu0.18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-12/12.8-0ubuntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-13/13.4-0ubuntu0.21.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3556"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3703"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/support/contracts.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163815"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "PACKETSTORM",
        "id": "169659"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "db": "PACKETSTORM",
        "id": "163815"
      },
      {
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "db": "PACKETSTORM",
        "id": "169659"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "date": "2021-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "date": "2021-05-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "date": "2021-06-17T18:34:10",
        "db": "PACKETSTORM",
        "id": "163209"
      },
      {
        "date": "2021-06-23T15:44:15",
        "db": "PACKETSTORM",
        "id": "163257"
      },
      {
        "date": "2021-08-06T14:02:37",
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "date": "2021-04-14T16:40:32",
        "db": "PACKETSTORM",
        "id": "162183"
      },
      {
        "date": "2022-03-11T16:38:38",
        "db": "PACKETSTORM",
        "id": "166279"
      },
      {
        "date": "2021-04-15T13:50:04",
        "db": "PACKETSTORM",
        "id": "162197"
      },
      {
        "date": "2021-08-13T14:20:11",
        "db": "PACKETSTORM",
        "id": "163815"
      },
      {
        "date": "2021-09-17T16:04:56",
        "db": "PACKETSTORM",
        "id": "164192"
      },
      {
        "date": "2021-03-25T12:12:12",
        "db": "PACKETSTORM",
        "id": "169659"
      },
      {
        "date": "2021-03-25T15:15:13.450000",
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-388130"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-3449"
      },
      {
        "date": "2021-09-13T07:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      },
      {
        "date": "2024-06-21T19:15:19.710000",
        "db": "NVD",
        "id": "CVE-2021-3449"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163815"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001383"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163209"
      }
    ],
    "trust": 0.1
  }
}

var-201503-0052
Vulnerability from variot

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.

CVE-2015-0209

It was discovered that a malformed EC private key might result in
memory corruption.

CVE-2015-0288

It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16. Please review the CVE identifiers and the upstream advisory referenced below for details:

  • RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) (CVE-2015-0204)
  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
  • ASN.1 structure reuse memory corruption (CVE-2015-0287)
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
  • PKCS7 NULL pointer dereferences (CVE-2015-0289)
  • Base64 decode (CVE-2015-0292)
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:

  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
  • Multiblock corrupted pointer (CVE-2015-0290)
  • Segmentation fault in DTLSv1_listen (CVE-2015-0207)
  • Segmentation fault for invalid PSS parameters (CVE-2015-0208)
  • Empty CKE with client auth and DHE (CVE-2015-1787)
  • Handshake with unseeded PRNG (CVE-2015-0285)

Impact

A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure. Tools such as revdep-rebuild may assist in identifying some of these packages.

References

[ 1 ] CVE-2015-0204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204 [ 2 ] CVE-2015-0207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207 [ 3 ] CVE-2015-0208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208 [ 4 ] CVE-2015-0209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209 [ 5 ] CVE-2015-0285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285 [ 6 ] CVE-2015-0287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287 [ 7 ] CVE-2015-0288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288 [ 8 ] CVE-2015-0289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289 [ 9 ] CVE-2015-0290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290 [ 10 ] CVE-2015-0291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291 [ 11 ] CVE-2015-0292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292 [ 12 ] CVE-2015-0293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293 [ 13 ] CVE-2015-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787 [ 14 ] OpenSSL Security Advisory [19 Mar 2015] http://openssl.org/news/secadv_20150319.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201503-11

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015] =======================================

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)

Severity: High

If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

Severity: High

This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".

This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.

Multiblock corrupted pointer (CVE-2015-0290)

Severity: Moderate

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in DTLSv1_listen (CVE-2015-0207)

Severity: Moderate

The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.

Segmentation fault for invalid PSS parameters (CVE-2015-0208)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a

This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.

Base64 decode (CVE-2015-0292)

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za.

The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by Robert Dugal and subsequently by David Ramos.

DoS via reachable assert in SSLv2 servers (CVE-2015-0293)

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.

Empty CKE with client auth and DHE (CVE-2015-1787)

Severity: Moderate

If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Handshake with unseeded PRNG (CVE-2015-0285)

Severity: Low

Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.

For example using the following command with an unseeded openssl will succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

Severity: Low

A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.

X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-03-19 Affects: All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique.

II. [CVE-2015-0293]

III. [CVE-2015-0209]

A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0287]

An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc

gpg --verify openssl-0.9.8.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc

gpg --verify openssl-1.0.1.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r280266 releng/8.4/ r280268 stable/9/ r280266 releng/9.3/ r280268 stable/10/ r280266 releng/10.1/ r280268

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD)

iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C 3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu 5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd UQg3YfrXHDlxCsqEzN7o =wi0T -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz

Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0052",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8ze"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2 thats all  1.0.2a"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.3"
      },
      {
        "model": "enterprise manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.3.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.7"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.9"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.4.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.5.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.6.1.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 2.0.6.2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/web questionnaire"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver2.0 to  8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sigmablade em card (n8405-019/019a/043) firmware  rev.14.02 before"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "ix2000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "ix3000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "systemdirector enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "for java ( all models ) v5.1 to  v7.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm v8.5.4 before"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "icewall mcrp sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "pureapplication system interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip pem hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "17.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.1.0.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip analytics hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "big-ip edge gateway 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4.2"
      },
      {
        "model": "big-iq adc hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system storage san48b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.31.00"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "cognos controller if4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "aspera ondemand",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway 10.2.3-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "totalstorage san256b director model m48",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "big-ip ltm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "big-ip pem hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1.0"
      },
      {
        "model": "cognos controller fp3 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo one aggregation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip edge gateway 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "system storage san384b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "system storage san80b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-iq device hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.11"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cognos insight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "big-ip psm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.04"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "system storage san04b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip analytics hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "system storage san42b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-iq security hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.41"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip link controller hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3.0"
      },
      {
        "model": "big-ip edge gateway 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.03"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.1.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system storage san768b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system networking san24b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.0.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.14"
      },
      {
        "model": "i operating systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip asm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system storage san768b-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system storage san06b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "encryption switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip edge gateway 11.0.0-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "icewall mcrp sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.35.00"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system storage san24b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip link controller 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "icewall sso agent option update rele",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "system storage san40b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "system networking san96b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "big-ip webaccelerator hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system storage san384b-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip asm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "ctpos 6.6r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "big-ip wom hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7.0"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ctpos 6.6r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos controller fp1 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8ze",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BoringSSL project",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0209",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-0209",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0209",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0209",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. \nNote: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application  using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update\nreverts the defective patch applied in that update causing these\nproblems. Additionally a follow-up fix for CVE-2015-0209 is applied. \n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-0286\n\n    Stephen Henson discovered that the ASN1_TYPE_cmp() function\n    can be crashed, resulting in denial of service. \n\nCVE-2015-0287\n\n    Emilia Kaesper discovered a memory corruption in ASN.1 parsing. \n\nCVE-2015-0292\n\n    It was discovered that missing input sanitising in base64 decoding\n    might result in memory corruption. \n\nCVE-2015-0209\n\n    It was discovered that a malformed EC private key might result in\n    memory corruption. \n\nCVE-2015-0288\n\n    It was discovered that missing input sanitising in the\n    X509_to_X509_REQ() function might result in denial of service. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u16. Please review the\nCVE identifiers and the upstream advisory referenced below for details:\n\n* RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)\n  (CVE-2015-0204)\n* Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n* ASN.1 structure reuse memory corruption (CVE-2015-0287)\n* X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n* PKCS7 NULL pointer dereferences (CVE-2015-0289)\n* Base64 decode (CVE-2015-0292)\n* DoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n* Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n\nThe following issues affect OpenSSL 1.0.2 only which is not part of the\nsupported Gentoo stable tree:\n\n* OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n* Multiblock corrupted pointer (CVE-2015-0290)\n* Segmentation fault in DTLSv1_listen (CVE-2015-0207)\n* Segmentation fault for invalid PSS parameters (CVE-2015-0208)\n* Empty CKE with client auth and DHE (CVE-2015-1787)\n* Handshake with unseeded PRNG (CVE-2015-0285)\n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to cause Denial of\nService or Information Disclosure. \nTools such as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[  1 ] CVE-2015-0204\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204\n[  2 ] CVE-2015-0207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207\n[  3 ] CVE-2015-0208\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208\n[  4 ] CVE-2015-0209\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209\n[  5 ] CVE-2015-0285\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285\n[  6 ] CVE-2015-0287\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287\n[  7 ] CVE-2015-0288\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288\n[  8 ] CVE-2015-0289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289\n[  9 ] CVE-2015-0290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290\n[ 10 ] CVE-2015-0291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291\n[ 11 ] CVE-2015-0292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292\n[ 12 ] CVE-2015-0293\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293\n[ 13 ] CVE-2015-1787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787\n[ 14 ] OpenSSL Security Advisory [19 Mar 2015]\n       http://openssl.org/news/secadv_20150319.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201503-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. This was addressed in previous versions of OpenSSL but has not been\nincluded in any security advisory until now. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. \n\nThe fix for this issue can be identified by commits d0666f289a (1.0.1),\n84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:06.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-03-19\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)\n                2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)\n                2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)\n                2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)\n                2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)\n                2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)\nCVE Name:       CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,\n                CVE-2015-0289, CVE-2015-0293\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nAbstract Syntax Notation One (ASN.1) is a standard and notation that\ndescribes rules and structures for representing, encoding, transmitting,\nand decoding data in telecommunications and computer networking, which\nenables representation of objects that are independent of machine-specific\nencoding technique. \n\nII.  [CVE-2015-0293]\n\nIII.  [CVE-2015-0209]\n\nA remote attacker who is able to send specifically crafted certificates\nmay be able to crash an OpenSSL client or server. [CVE-2015-0287]\n\nAn attacker may be able to crash applications that create a new certificate\nrequest with subject name the same as in an existing, specifically crafted\ncertificate. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc\n# gpg --verify openssl-0.9.8.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc\n# gpg --verify openssl-1.0.1.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r280266\nreleng/8.4/                                                       r280268\nstable/9/                                                         r280266\nreleng/9.3/                                                       r280268\nstable/10/                                                        r280266\nreleng/10.1/                                                      r280268\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150319.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:06.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.2 (FreeBSD)\n\niQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns\nhhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp\njhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy\nR7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C\n3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln\nrL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H\nt3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs\nx/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu\n5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH\nsLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq\nCgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd\nUQg3YfrXHDlxCsqEzN7o\n=wi0T\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz:  Upgraded. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7  openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb  openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf  openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514  openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438  openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471  openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df  openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65  openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674  openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df  openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429  openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d  openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643  openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de  openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc  openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139  openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c  openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3  openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738  openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d  openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66  a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0  n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650  a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7  n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209",
        "trust": 3.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10680",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "73239",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1031929",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10110",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95877131",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0209",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131023",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130933",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131585",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "id": "VAR-201503-0052",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44373096375000004
  },
  "last_update_date": "2024-07-23T20:49:46.592000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204942"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204942"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl"
      },
      {
        "title": "HPSBGN03306 SSRT102007",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04626468"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html"
      },
      {
        "title": "NV15-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html"
      },
      {
        "title": "Fix a failure to NULL a pointer freed on error.",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
      },
      {
        "title": "Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "Bug 1196737",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
      },
      {
        "title": "OpenSSL Updates of 19 March 2015",
        "trust": 0.8,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "title": "RHSA-2015:0715",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "title": "RHSA-2015:0716",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "title": "RHSA-2015:0752",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "title": "SA92",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2015-12",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-12j.html"
      },
      {
        "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01545.html"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2537-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-498",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-498"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0209 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201503-11"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/73239"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3197"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2537-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031929"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1089.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95877131"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0209"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/37"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/137"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/134"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/136"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903752"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699778"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902433"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16323.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2537-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0208"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0285"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:06.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150319.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "date": "2015-03-19T00:00:00",
        "db": "BID",
        "id": "73239"
      },
      {
        "date": "2015-03-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-03-25T15:48:03",
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "date": "2015-03-20T04:45:06",
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "date": "2015-03-20T05:46:26",
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-03-20T05:41:10",
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "date": "2015-04-22T20:14:53",
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "date": "2015-03-19T22:59:02.617000",
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "date": "2017-05-23T16:24:00",
        "db": "BID",
        "id": "73239"
      },
      {
        "date": "2016-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "date": "2023-11-07T02:23:19.410000",
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/ec/ec_asn1.c of  d2i_ECPrivateKey Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  }
}

var-201501-0339
Vulnerability from variot

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2015-0205]

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-3570]

III. [CVE-2015-0206]

A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]

A server could present a weak temporary key and downgrade the security of the session. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]

By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.0]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- .

Release Date: 2015-07-20 Last Updated: 2015-07-20

Potential Security Impact: Remote Denial of Service (DoS), cross-site request forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information.

References:

CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH).

Please download the latest version of HP System Management Homepage (7.5.0) from the following location:

http://www.hp.com/go/smh

HISTORY Version:1 (rev.1) - 20 July 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2014-3569 CVE-2015-0205 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2016-0705 CVE-2016-0799 CVE-2016-2842 PSRT110092 PSRT110095 CVE-2016-2026 CVE-2016-2027 CVE-2016-2028 CVE-2016-2029 CVE-2016-2030 CVE-2016-4357 CVE-2009-3555 CVE-2016-4358 CVE-2015-3194 CVE-2015-3195 CVE-2015-6565 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2015-7501

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.5.src.rpm

i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86)"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hp virtual connect enterprise manager sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp version control agent",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm)"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.00"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205635"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.80"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "power systems e870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.50"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.70"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.21"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems 350.c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "power system s814",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.00"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.40"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.b1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.e0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.21"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems 350.e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.00"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems 350.a0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "mq client for hp integrity nonstop server supportpac mqc8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.00"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.22"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205577"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "websphere mq for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.81"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.00"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 12.3r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.50"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.60"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.00"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "power systems 350.b0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power ese",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "820.02"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.00"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.11"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "power system s824l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.80"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.30"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "560"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power 795",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.51"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.21"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power system s822l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504667"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.10"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5205587"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.60"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.41"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.20"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.32"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.15"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.51"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "power system s824",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "power systems e880",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.10"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.61"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.20"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.90"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.02"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.50"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "websphere mq client for hp integrity nonstop server supportpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-0"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.20"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.10"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "power system s812l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "mobile messaging and m2m client pack (eclipse paho mqtt c client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.00"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "783.01"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.20"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "810.01"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "power systems 350.d0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.40"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "74.90"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.40"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos os 12.3x48-d10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "780.01"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "740.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "550"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5504965"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "350.70"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.31"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "power systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "770.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-0205",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0205",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0205",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0205",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nCorrected:      2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n                2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n                2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n                2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n                2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n                2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n                2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name:       CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n                CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII.  [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings.  OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-3570]\n\nIII. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite.  [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session.  This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare.  [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. It also does not affect common revocation mechanisms.  Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected.  [CVE-2014-8275]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r276865\nreleng/8.4/                                                       r277195\nstable/9/                                                         r276865\nreleng/9.3/                                                       r277195\nstable/10/                                                        r276864\nreleng/10.0/                                                      r277195\nreleng/10.1/                                                      r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-07-20\nLast Updated: 2015-07-20\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site request\nforgery (CSRF), execution of arbitrary code, unauthorized modification,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HP\nSystem Management Homepage (SMH) on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS), Cross-site\nRequest Forgery (CSRF), execution of arbitrary code, unauthorized\nmodification, unauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)       2.6\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)       6.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH). \n\n  Please download the latest version of HP System Management Homepage (7.5.0)\nfrom the following location:\n\n    http://www.hp.com/go/smh\n\nHISTORY\nVersion:1 (rev.1) - 20 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2014-3569\nCVE-2015-0205\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3567\nCVE-2014-3568\nCVE-2016-0705\nCVE-2016-0799\nCVE-2016-2842\nPSRT110092\nPSRT110095\nCVE-2016-2026\nCVE-2016-2027\nCVE-2016-2028\nCVE-2016-2029\nCVE-2016-2030\nCVE-2016-4357\nCVE-2009-3555\nCVE-2016-4358\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-6565\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2015-7501\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0066-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date:        2015-01-20\nUpdated on:        2015-01-21\nCVE Names:         CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n                   CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n                   CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "BID",
        "id": "71941"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0205",
        "trust": 3.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "71941",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0205",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130051",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "BID",
        "id": "71941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "id": "VAR-201501-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.396927715
  },
  "last_update_date": "2024-07-23T21:04:37.270000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "Unauthenticated DH client certificate fix.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
      },
      {
        "title": "HPSBMU03396",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "title": "HPSBMU03397",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "title": "HPSBMU03409",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "title": "HPSBMU03413",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "title": "HPSBMU03380",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "DH client certificates accepted without verification [Server] (CVE-2015-0205)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-0205",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0205"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "JPN_RIC13351-2",
        "trust": 0.1,
        "url": "https://github.com/neominds/jpn_ric13351-2 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71941"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu98974537"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0205"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "BID",
        "id": "71941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "db": "BID",
        "id": "71941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71941"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "date": "2015-01-15T16:53:07",
        "db": "PACKETSTORM",
        "id": "129973"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2015-08-26T01:33:07",
        "db": "PACKETSTORM",
        "id": "133316"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-01-09T17:43:35",
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-01-22T01:35:41",
        "db": "PACKETSTORM",
        "id": "130051"
      },
      {
        "date": "2015-01-09T02:59:11.273000",
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0205"
      },
      {
        "date": "2017-01-23T00:09:00",
        "db": "BID",
        "id": "71941"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      },
      {
        "date": "2017-11-15T02:29:05.890000",
        "db": "NVD",
        "id": "CVE-2015-0205"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "71941"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  s3_srvr.c of  ssl3_get_cert_verify Vulnerability to gain access to functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "71941"
      }
    ],
    "trust": 0.3
  }
}

var-202207-0107
Vulnerability from variot

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an malicious user to execute arbitrary commands with the privileges of the script. (CVE-2022-2097). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-02

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #741570, #809980, #832339, #835343, #842489, #856592 ID: 202210-02

Synopsis

Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.1.1q >= 1.1.1q

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"

References

[ 1 ] CVE-2020-1968 https://nvd.nist.gov/vuln/detail/CVE-2020-1968 [ 2 ] CVE-2021-3711 https://nvd.nist.gov/vuln/detail/CVE-2021-3711 [ 3 ] CVE-2021-3712 https://nvd.nist.gov/vuln/detail/CVE-2021-3712 [ 4 ] CVE-2021-4160 https://nvd.nist.gov/vuln/detail/CVE-2021-4160 [ 5 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 6 ] CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 [ 7 ] CVE-2022-1473 https://nvd.nist.gov/vuln/detail/CVE-2022-1473 [ 8 ] CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update Advisory ID: RHSA-2022:6156-01 Product: RHODF Advisory URL: https://access.redhat.com/errata/RHSA-2022:6156 Issue date: 2022-08-24 CVE Names: CVE-2021-23440 CVE-2021-23566 CVE-2021-40528 CVE-2022-0235 CVE-2022-0536 CVE-2022-0670 CVE-2022-1292 CVE-2022-1586 CVE-2022-1650 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24675 CVE-2022-24771 CVE-2022-24772 CVE-2022-24773 CVE-2022-24785 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29526 CVE-2022-29810 CVE-2022-29824 CVE-2022-31129 ==================================================================== 1. Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • eventsource: Exposure of Sensitive Information (CVE-2022-1650)

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)

  • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

  • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

  • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

  • node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery (CVE-2022-24771)

  • node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

  • node-forge: Signature verification leniency in checking DigestInfo structure (CVE-2022-24773)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

  • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

  • go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1937117 - Deletion of StorageCluster doesn't remove ceph toolbox pod 1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified 1973317 - libceph: read_partial_message and bad crc/signature errors 1996829 - Permissions assigned to ceph auth principals when using external storage are too broad 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2027724 - Warning log for rook-ceph-toolbox in ocs-operator log 2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4] 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2056697 - odf-csi-addons-operator subscription failed while using custom catalog source 2058211 - Add validation for CIDR field in DRPolicy 2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced 2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10 2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE 2063691 - [GSS] [RFE] Add termination policy to s3 route 2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2066514 - OCS operator to install Ceph prometheus alerts instead of Rook 2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route 2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery 2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery 2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking DigestInfo structure 2069314 - OCS external mode should allow specifying names for all Ceph auth principals 2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster. 2069812 - must-gather: rbd_vol_and_snap_info collection is broken 2069815 - must-gather: essential rbd mirror command outputs aren't collected 2070542 - After creating a new storage system it redirects to 404 error page instead of the "StorageSystems" page for OCP 4.11 2071494 - [DR] Applications are not getting deployed 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty 2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled 2075426 - 4.10 must gather is not available after GA of 4.10 2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in "Progressing" state although all the openshift-storage pods are up and Running 2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost 2077242 - vg-manager missing permissions 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2079866 - [DR] odf-multicluster-console is in CLBO state 2079873 - csi-nfsplugin pods are not coming up after successful patch request to update "ROOK_CSI_ENABLE_NFS": "true"' 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2081680 - Add the LVM Operator into the Storage category in OperatorHub 2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation 2082078 - OBC's not getting created on primary cluster when manageds3 set as "true" for mirrorPeer 2082497 - Do not filter out removable devices 2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending) 2083441 - LVM operator should deploy the volumesnapshotclass resource 2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status 2083993 - Add missing pieces for storageclassclaim 2084041 - [Console Migration] Link-able storage system name directs to blank page 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided" 2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates 2084546 - [Console Migration] Provider details absent under backing store in UI 2084565 - [Console Migration] The creation of new backing store , directs to a blank page 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred 2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace 2086557 - Thin pool in lvm operator doesn't use all disks 2086675 - [UI]No option to "add capacity" via the Installed Operators tab 2086982 - ODF 4.11 deployment is failing 2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm 2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown 2087107 - Set default storage class if none is set 2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message 2087675 - ocs-metrics-exporter pod crashes on odf v4.11 2087732 - [Console Migration] Events page missing under new namespace store 2087755 - [Console Migration] Bucket Class details page doesn't have the complete details in UI 2088359 - Send VG Metrics even if storage is being consumed from thinPool alone 2088380 - KMS using vault on standalone MCG cluster is not enabled 2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint 2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook 2089296 - [MS v2] Storage cluster in error phase and 'ocs-provider-qe' addon installation failed with ODF 4.10.2 2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts 2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9. 2089552 - [MS v2] Cannot create StorageClassClaim 2089567 - [Console Migration] Improve the styling of Various Components 2089786 - [Console Migration] "Attach to deployment" option is missing in kebab menu for Object Bucket Claims . 2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket. 2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed 2090278 - [LVMO] Some containers are missing resource requirements and limits 2090314 - [LVMO] CSV is missing some useful annotations 2090953 - [MCO] DRCluster created under default namespace 2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics 2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool. 2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference 2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external 2091894 - All backingstores in cluster spontaneously change their own secret 2091951 - [GSS] OCS pods are restarting due to liveness probe failure 2091998 - Volume Snapshots not work with external restricted mode 2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool 2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks 2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le) 2092349 - Enable zeroing on the thin-pool during creation 2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase 2092400 - [MS v2] StorageClassClaim creation is failing with error "no StorageCluster found" 2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically 2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected 2094179 - MCO fails to create DRClusters when replication mode is synchronous 2094853 - [Console Migration] Description under storage class drop down in add capacity is missing . 2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount 2095155 - Use tool black to format the python external script 2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster 2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time 2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page 2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened 2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False 2096937 - Storage - Data Foundation: i18n misses 2097216 - Collect StorageClassClaim details in must-gather 2097287 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page 2097305 - Add translations for ODF 4.11 2098121 - Managed ODF not getting detected 2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment 2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount 2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled 2099581 - StorageClassClaim with encryption gets into Failed state 2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project 2099646 - Block pool list page kebab action menu is showing empty options 2099660 - OCS dashbaords not appearing unless user clicks on "Overview" Tab 2099724 - S3 secret namespace on the managed cluster doesn't match with the namespace in the s3profile 2099965 - rbd: provide option to disable setting metadata on RBD images 2100326 - [ODF to ODF] Volume snapshot creation failed 2100352 - Make lvmo pod labels more uniform 2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary 2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install 2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection 2103818 - Restored snapshot don't have any content 2104833 - Need to update configmap for IBM storage odf operator GA 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

  1. References:

https://access.redhat.com/security/cve/CVE-2021-23440 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-0670 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24771 https://access.redhat.com/security/cve/CVE-2022-24772 https://access.redhat.com/security/cve/CVE-2022-24773 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-29810 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYwZpHdzjgjWX9erEAQgy1Q//QaStGj34eQ0ap5J5gCcC1lTv7U908fNy Xo7VvwAi67IslacAiQhWNyhg+jr1c46Op7kAAC04f8n25IsM+7xYYyieJ0YDAP7N b3iySRKnPI6I9aJlN0KMm7J1jfjFmcuPMrUdDHiSGNsmK9zLmsQs3dGMaCqYX+fY sJEDPnMMulbkrPLTwSG2IEcpqGH2BoEYwPhSblt2fH0Pv6H7BWYF/+QjxkGOkGDj gz0BBnc1Foir2BpYKv6/+3FUbcXFdBXmrA5BIcZ9157Yw3RP/khf+lQ6I1KYX1Am 2LI6/6qL8HyVWyl+DEUz0DxoAQaF5x61C35uENyh/U96sYeKXtP9rvDC41TvThhf mX4woWcUN1euDfgEF22aP9/gy+OsSyfP+SV0d9JKIaM9QzCCOwyKcIM2+CeL4LZl CSAYI7M+cKsl1wYrioNBDdG8H54GcGV8kS1Hihb+Za59J7pf/4IPuHy3Cd6FBymE hTFLE9YGYeVtCufwdTw+4CEjB2jr3WtzlYcSc26SET9aPCoTUmS07BaIAoRmzcKY 3KKSKi3LvW69768OLQt8UT60WfQ7zHa+OWuEp1tVoXe/XU3je42yuptCd34axn7E 2gtZJOocJxL2FtehhxNTx7VI3Bjy2V0VGlqqf1t6/z6r0IOhqxLbKeBvH9/XF/6V ERCapzwcRuQ=gV+z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security fix:

  • CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Bug fixes:

  • Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)

  • RHACM 2.3.12 images (BZ# 2101411)

  • Bugs fixed (https://bugzilla.redhat.com/):

2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

  1. ========================================================================== Ubuntu Security Notice USN-5502-1 July 05, 2022

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

OpenSSL could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: libssl3 3.0.2-0ubuntu1.6

Ubuntu 21.10: libssl1.1 1.1.1l-1ubuntu1.6

Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.16

Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.20

After a standard system update you need to reboot your computer to make all the necessary changes. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fixes:

  • CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

  • CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

  • CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header

  • CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions

  • CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip

  • CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

  • CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

  • CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

  • CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

  • CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode

  • CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

Bug fixes:

  • assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)

  • assisted-service-build image is too big in size (BZ# 2066059)

  • assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)

  • PXE artifacts need to be served via HTTP (BZ# 2078531)

  • Implementing new service-agent protocol on agent side (BZ# 2081281)

  • RHACM 2.6.0 images (BZ# 2090906)

  • Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)

  • Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)

  • Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)

  • Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)

  • The pre-selected search keyword is not readable (BZ# 2107736)

  • The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)

  • Bugs fixed (https://bugzilla.redhat.com/):

2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned 2066059 - assisted-service-build image is too big in size 2076901 - assisted-service pin-latest.py script should exclude the postgres image 2078531 - iPXE artifacts need to be served via HTTP 2081281 - Implementing new service-agent protocol on agent side 2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors 2090906 - RHACM 2.6.0 images 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2093503 - Assisted service POD keeps crashing after a bare metal host is created 2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled 2096445 - Assisted service POD keeps crashing after a bare metal host is created 2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow 2097696 - Fix assisted CI jobs that fail for cluster-info readiness 2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB 2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart 2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow 2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2105339 - Search Application button on the Application Table for Subscription applications does not Redirect 2105357 - [UI] hypershift cluster creation error - n[0] is undefined 2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa 2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications 2107049 - The clusterrole for global clusterset did not created by default 2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {"error": "error listening on :8081: listen tcp :8081: bind: address already in use"} 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107370 - Helm Release resource recreation feature does not work with the local cluster 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108888 - Hypershift on AWS - control plane not running 2109370 - The button to create the cluster is not visible 2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6 2111218 - Create cluster - Infrastructure page crashes 2111651 - "View application" button on app table for Flux applications redirects to apiVersion=ocp instead of flux 2111663 - Hosted cluster in Pending import state 2111671 - Leaked namespaces after deleting hypershift deployment 2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs 2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI 2112180 - The policy page is crashed after input keywords in the search box 2112281 - config-policy-controller pod can't startup in the OCP3.11 managed cluster 2112318 - Can't delete the objects which are re-created by policy when deleting the policy 2112321 - BMAC reconcile loop never stops after changes 2112426 - No cluster discovered due to x509: certificate signed by unknown authority 2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. 2112793 - Can't view details of the policy template when set the spec.pruneObjectBehavior as unsupported value 2112803 - ClusterServiceVersion for release 2.6 branch references "latest" tag 2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster 2113838 - the cluster proxy-agent was deployed on the non-infra nodes 2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace 2114982 - Control plane type shows 'Standalone' for hypershift cluster 2115622 - Hub fromsecret function doesn't work for hosted mode in multiple hub 2115723 - Can't view details of the policy template for customer and hypershift cluster in hosted mode from UI 2115993 - Policy automation details panel was not updated after editing the mode back to disabled 2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status 2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster 2117113 - The proxy-server-host was not correct in cluster-proxy-agent 2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates 2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn't work 2118338 - Report the "namespace not found" error after clicked view yaml link of a policy in the multiple hub env 2119326 - Can't view details of the SecurityContextConstraints policy for managed clusters from UI

  1. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Description:

Openshift Logging Bug Fix Release (5.3.11)

Security Fix(es):

  • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Description:

Gatekeeper Operator v0.2

Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Security fix:

  • CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header

  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions

  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip

  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob

  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

  • CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode

  • CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

  • CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

  • Solution:

The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:

  • Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has installPlanApproval set to Automatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for installPlanApproval to manual, then you must view each cluster to manually approve the upgrade to the operator.

  • Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.

Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information. Bugs fixed (https://bugzilla.redhat.com/):

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20220705.txt and https://www.openssl.org/news/secadv/20230207.txt

For the stable distribution (bullseye), these problems have been fixed in version 1.1.1n-0+deb11u4.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPivONfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RBCA/+IqJ9qtjytulO41yPphASSEu22XVN9EYAUsdcpsTmnDtp1zUQSZpQv5qk 464Z2+0SkNtiHm5O5z5fs4LX0wXYBvLYrFnh2X2Z6rT+YFhXg8ZdEo+IysYSV7gB utbb1zbSqUSSLmlF/r6SnXy+HlTyB56p+k0MnLNHejes6DoghebZJGU6Dl5D8Z2J wOB6xi2sS3zVl1O+8//PPk5Sha8ESShuP/sBby01Xvpl65+8Icn7dXXHFNUn27rZ WdQCdxJaUJiqjZYzI5XAB+zHl8KNDiWP9MqIeT3g+YQ+nzSTeHxRPXDTDvClMv9y CJ90PaCY1DBNh5NrE2/IZkpIOKvTjRX3+db7Nab2GyRzLCP7p+1Bm14zHiKRHPOR t/6yX11diIF2zvlP/7qeCGkutv9KrFjSW81o1GgJMdt8uduHa95IgKNNUsA6Wf3O SkUP4EYfhXs2+TIfEenvqLuAmLsQBCRCvNDdmEGhtR4r0hpvcJ4eOaDBE6FWih1J i0mpDIjBYOV2iEUe85XfYflrcFfaxSwbl4ultH3Q3eWtiMwLgXqJ9dKRQEXJX7hp 48zKPwnftJbGBri9Y293sMjcpv3F/PTjXMh8LcUSVDkVVdQ8cLSmdmP4v4wSzV/q Z7KATUs6YAod4ts5u3/zD97Mzk0Xiecw/ggevbCfCvQTByk02Fg=lXE/ -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0107",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1q"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1q",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.5",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168280"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-2097",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-2097",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-2097",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-2097",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an malicious user to execute arbitrary commands with the privileges of the script. (CVE-2022-2097). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202210-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple Vulnerabilities\n     Date: October 16, 2022\n     Bugs: #741570, #809980, #832339, #835343, #842489, #856592\n       ID: 202210-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in OpenSSL, the worst of\nwhich could result in denial of service. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           \u003c 1.1.1q                    \u003e= 1.1.1q\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.1.1q\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-1968\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1968\n[ 2 ] CVE-2021-3711\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3711\n[ 3 ] CVE-2021-3712\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3712\n[ 4 ] CVE-2021-4160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4160\n[ 5 ] CVE-2022-0778\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 6 ] CVE-2022-1292\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1292\n[ 7 ] CVE-2022-1473\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1473\n[ 8 ] CVE-2022-2097\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2097\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update\nAdvisory ID:       RHSA-2022:6156-01\nProduct:           RHODF\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6156\nIssue date:        2022-08-24\nCVE Names:         CVE-2021-23440 CVE-2021-23566 CVE-2021-40528\n                   CVE-2022-0235 CVE-2022-0536 CVE-2022-0670\n                   CVE-2022-1292 CVE-2022-1586 CVE-2022-1650\n                   CVE-2022-1785 CVE-2022-1897 CVE-2022-1927\n                   CVE-2022-2068 CVE-2022-2097 CVE-2022-21698\n                   CVE-2022-22576 CVE-2022-23772 CVE-2022-23773\n                   CVE-2022-23806 CVE-2022-24675 CVE-2022-24771\n                   CVE-2022-24772 CVE-2022-24773 CVE-2022-24785\n                   CVE-2022-24921 CVE-2022-25313 CVE-2022-25314\n                   CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n                   CVE-2022-28327 CVE-2022-29526 CVE-2022-29810\n                   CVE-2022-29824 CVE-2022-31129\n====================================================================\n1. Summary:\n\nUpdated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. \n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n(CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo`\nstructure (CVE-2022-24773)\n\n* Moment.js: Path traversal  in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat OpenShift Data Foundation Release Notes for\ninformation on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these\nupdated images, which provide numerous bug fixes and enhancements. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. For details on how to apply this\nupdate, refer to: https://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937117 - Deletion of StorageCluster doesn\u0027t remove ceph toolbox pod\n1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified\n1973317 - libceph: read_partial_message and bad crc/signature errors\n1996829 - Permissions assigned to ceph auth principals  when using external storage are too broad\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2027724 - Warning log for rook-ceph-toolbox in ocs-operator log\n2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056697 - odf-csi-addons-operator subscription failed while using custom catalog source\n2058211 - Add validation for CIDR field in DRPolicy\n2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced\n2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10\n2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE\n2063691 - [GSS] [RFE] Add termination policy to s3 route\n2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2066514 - OCS operator to install Ceph prometheus alerts instead of Rook\n2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure\n2069314 - OCS external mode should allow specifying names for all Ceph auth principals\n2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster. \n2069812 - must-gather: rbd_vol_and_snap_info collection is broken\n2069815 - must-gather: essential rbd mirror command outputs aren\u0027t collected\n2070542 - After creating a new storage system it redirects to 404 error page instead of the \"StorageSystems\" page for OCP 4.11\n2071494 - [DR] Applications are not getting deployed\n2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale\n2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty\n2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled\n2075426 - 4.10 must gather is not available after GA of 4.10\n2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in \"Progressing\" state although all the openshift-storage pods are up and Running\n2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost\n2077242 - vg-manager missing permissions\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2079866 - [DR] odf-multicluster-console is in CLBO state\n2079873 - csi-nfsplugin pods are not coming up after successful patch request to update \"ROOK_CSI_ENABLE_NFS\":  \"true\"\u0027\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2081680 - Add the LVM Operator into the Storage category in OperatorHub\n2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation\n2082078 - OBC\u0027s not getting created on primary cluster when manageds3 set as \"true\" for mirrorPeer\n2082497 - Do not filter out removable devices\n2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)\n2083441 - LVM operator should deploy the volumesnapshotclass resource\n2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status\n2083993 - Add missing pieces for storageclassclaim\n2084041 - [Console Migration] Link-able storage system name directs to blank page\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided\"\n2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates\n2084546 - [Console Migration] Provider details absent under backing store in UI\n2084565 - [Console Migration] The creation of new backing store , directs to a blank page\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred\n2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace\n2086557 - Thin pool in lvm operator doesn\u0027t use all disks\n2086675 - [UI]No option to \"add capacity\" via the Installed Operators tab\n2086982 - ODF 4.11 deployment is failing\n2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm\n2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and \u0027Overview\u0027 tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown\n2087107 - Set default storage class if none is set\n2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message\n2087675 - ocs-metrics-exporter pod crashes on odf v4.11\n2087732 - [Console Migration] Events page missing under new namespace store\n2087755 - [Console Migration] Bucket Class details page doesn\u0027t have the complete details in UI\n2088359 - Send VG Metrics even if storage is being consumed from thinPool alone\n2088380 - KMS using vault on standalone MCG cluster is not enabled\n2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint\n2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook\n2089296 - [MS v2] Storage cluster in error phase and \u0027ocs-provider-qe\u0027 addon installation failed with ODF 4.10.2\n2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts\n2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9. \n2089552 - [MS v2] Cannot create StorageClassClaim\n2089567 - [Console Migration] Improve the styling of Various Components\n2089786 - [Console Migration] \"Attach to deployment\" option is missing in kebab menu for Object Bucket Claims . \n2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket. \n2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed\n2090278 - [LVMO] Some containers are missing resource requirements and limits\n2090314 - [LVMO] CSV is missing some useful annotations\n2090953 - [MCO] DRCluster created under default namespace\n2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics\n2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool. \n2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference\n2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external\n2091894 - All backingstores in cluster spontaneously change their own secret\n2091951 - [GSS] OCS pods are restarting due to liveness probe failure\n2091998 - Volume Snapshots not work with external restricted mode\n2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool\n2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks\n2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)\n2092349 - Enable zeroing on the thin-pool during creation\n2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase\n2092400 - [MS v2] StorageClassClaim creation is failing with error \"no StorageCluster found\"\n2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically\n2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected\n2094179 - MCO fails to create DRClusters when replication mode is synchronous\n2094853 - [Console Migration] Description under storage class drop down in add capacity is missing . \n2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2095155 - Use tool `black` to format the python external script\n2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster\n2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time\n2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page\n2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened\n2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False\n2096937 - Storage - Data Foundation: i18n misses\n2097216 - Collect StorageClassClaim details in must-gather\n2097287 - [UI] Dropdown doesn\u0027t close on it\u0027s own after arbiter zone selection on \u0027Capacity and nodes\u0027 page\n2097305 - Add translations for ODF 4.11\n2098121 - Managed ODF not getting detected\n2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment\n2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled\n2099581 - StorageClassClaim with encryption gets into Failed state\n2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project\n2099646 - Block pool list page kebab action menu is showing empty options\n2099660 - OCS dashbaords not appearing unless user clicks on \"Overview\" Tab\n2099724 - S3 secret namespace on the managed cluster doesn\u0027t match with the namespace in the s3profile\n2099965 - rbd: provide option to disable setting metadata on RBD images\n2100326 - [ODF to ODF] Volume snapshot creation failed\n2100352 - Make lvmo pod labels more uniform\n2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary\n2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install\n2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection\n2103818 - Restored snapshot don\u0027t have any content\n2104833 - Need to update configmap for IBM storage odf operator GA\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23440\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0536\nhttps://access.redhat.com/security/cve/CVE-2022-0670\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1650\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24771\nhttps://access.redhat.com/security/cve/CVE-2022-24772\nhttps://access.redhat.com/security/cve/CVE-2022-24773\nhttps://access.redhat.com/security/cve/CVE-2022-24785\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29526\nhttps://access.redhat.com/security/cve/CVE-2022-29810\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwZpHdzjgjWX9erEAQgy1Q//QaStGj34eQ0ap5J5gCcC1lTv7U908fNy\nXo7VvwAi67IslacAiQhWNyhg+jr1c46Op7kAAC04f8n25IsM+7xYYyieJ0YDAP7N\nb3iySRKnPI6I9aJlN0KMm7J1jfjFmcuPMrUdDHiSGNsmK9zLmsQs3dGMaCqYX+fY\nsJEDPnMMulbkrPLTwSG2IEcpqGH2BoEYwPhSblt2fH0Pv6H7BWYF/+QjxkGOkGDj\ngz0BBnc1Foir2BpYKv6/+3FUbcXFdBXmrA5BIcZ9157Yw3RP/khf+lQ6I1KYX1Am\n2LI6/6qL8HyVWyl+DEUz0DxoAQaF5x61C35uENyh/U96sYeKXtP9rvDC41TvThhf\nmX4woWcUN1euDfgEF22aP9/gy+OsSyfP+SV0d9JKIaM9QzCCOwyKcIM2+CeL4LZl\nCSAYI7M+cKsl1wYrioNBDdG8H54GcGV8kS1Hihb+Za59J7pf/4IPuHy3Cd6FBymE\nhTFLE9YGYeVtCufwdTw+4CEjB2jr3WtzlYcSc26SET9aPCoTUmS07BaIAoRmzcKY\n3KKSKi3LvW69768OLQt8UT60WfQ7zHa+OWuEp1tVoXe/XU3je42yuptCd34axn7E\n2gtZJOocJxL2FtehhxNTx7VI3Bjy2V0VGlqqf1t6/z6r0IOhqxLbKeBvH9/XF/6V\nERCapzwcRuQ=gV+z\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. ==========================================================================\nUbuntu Security Notice USN-5502-1\nJuly 05, 2022\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  libssl3                         3.0.2-0ubuntu1.6\n\nUbuntu 21.10:\n  libssl1.1                       1.1.1l-1ubuntu1.6\n\nUbuntu 20.04 LTS:\n  libssl1.1                       1.1.1f-1ubuntu2.16\n\nUbuntu 18.04 LTS:\n  libssl1.1                       1.1.1-1ubuntu2.1~18.04.20\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random\nticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be\npinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image\n(BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created\n(BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub\ncluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead\nof at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and\npolicysets cannot be shown real-time from UI (BZ# 2111843)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned\n2066059 - assisted-service-build image is too big in size\n2076901 - assisted-service pin-latest.py script should exclude the postgres image\n2078531 - iPXE artifacts need to be served via HTTP\n2081281 - Implementing new service-agent protocol on agent side\n2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors\n2090906 - RHACM 2.6.0 images\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2093503 - Assisted service POD keeps crashing after a bare metal host is created\n2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled\n2096445 - Assisted service POD keeps crashing after a bare metal host is created\n2096460 - Spoke BMH stuck \"inspecting\" when deployed via  the converged workflow\n2097696 - Fix assisted CI jobs that fail for cluster-info readiness\n2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB\n2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart\n2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow\n2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2105339 - Search Application button on the Application Table for Subscription applications does not Redirect\n2105357 - [UI] hypershift cluster creation error - n[0] is undefined\n2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa\n2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications\n2107049 - The clusterrole for global clusterset did not created by default\n2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {\"error\": \"error listening on :8081: listen tcp :8081: bind: address already in use\"}\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107370 - Helm Release resource recreation feature does not work with the local cluster\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108888 - Hypershift on AWS - control plane not running\n2109370 - The button to create the cluster is not visible\n2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6\n2111218 - Create cluster - Infrastructure page crashes\n2111651 - \"View application\" button on app table for Flux applications redirects to apiVersion=ocp instead of flux\n2111663 - Hosted cluster in Pending import state\n2111671 - Leaked namespaces after deleting hypershift deployment\n2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs\n2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI\n2112180 - The policy page is crashed after input keywords in the search box\n2112281 - config-policy-controller pod can\u0027t startup in the OCP3.11 managed cluster\n2112318 - Can\u0027t delete the objects which are re-created by policy when deleting the policy\n2112321 - BMAC reconcile loop never stops after changes\n2112426 - No cluster discovered due to x509: certificate signed by unknown authority\n2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. \n2112793 - Can\u0027t view details of the policy template when set the spec.pruneObjectBehavior as unsupported value\n2112803 - ClusterServiceVersion for release 2.6 branch references \"latest\" tag\n2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster\n2113838 - the cluster proxy-agent was deployed on the non-infra nodes\n2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace\n2114982 - Control plane type shows \u0027Standalone\u0027 for hypershift cluster\n2115622 - Hub fromsecret function doesn\u0027t work for hosted mode in multiple hub\n2115723 - Can\u0027t view details of the policy template for customer and hypershift cluster in hosted mode from UI\n2115993 - Policy automation details panel was not updated after editing the mode back to disabled\n2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status\n2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster\n2117113 - The proxy-server-host was not correct in cluster-proxy-agent\n2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates\n2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn\u0027t work\n2118338 - Report the \"namespace not found\" error after clicked view yaml link of a policy in the multiple hub env\n2119326 - Can\u0027t view details of the SecurityContextConstraints policy for managed clusters from UI\n\n5. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. Description:\n\nOpenshift Logging Bug Fix Release (5.3.11)\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity fix:\n\n* CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets\nlack random ticket_age_add\n\n* CVE-2022-1705: golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse*\nfunctions\n\n* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\n3. Solution:\n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n* Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n* Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. \n\nAdditional details can be found in the upstream advisories at\nhttps://www.openssl.org/news/secadv/20220705.txt and\nhttps://www.openssl.org/news/secadv/20230207.txt\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.1.1n-0+deb11u4. \n\nWe recommend that you upgrade your openssl packages. \n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPivONfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RBCA/+IqJ9qtjytulO41yPphASSEu22XVN9EYAUsdcpsTmnDtp1zUQSZpQv5qk\n464Z2+0SkNtiHm5O5z5fs4LX0wXYBvLYrFnh2X2Z6rT+YFhXg8ZdEo+IysYSV7gB\nutbb1zbSqUSSLmlF/r6SnXy+HlTyB56p+k0MnLNHejes6DoghebZJGU6Dl5D8Z2J\nwOB6xi2sS3zVl1O+8//PPk5Sha8ESShuP/sBby01Xvpl65+8Icn7dXXHFNUn27rZ\nWdQCdxJaUJiqjZYzI5XAB+zHl8KNDiWP9MqIeT3g+YQ+nzSTeHxRPXDTDvClMv9y\nCJ90PaCY1DBNh5NrE2/IZkpIOKvTjRX3+db7Nab2GyRzLCP7p+1Bm14zHiKRHPOR\nt/6yX11diIF2zvlP/7qeCGkutv9KrFjSW81o1GgJMdt8uduHa95IgKNNUsA6Wf3O\nSkUP4EYfhXs2+TIfEenvqLuAmLsQBCRCvNDdmEGhtR4r0hpvcJ4eOaDBE6FWih1J\ni0mpDIjBYOV2iEUe85XfYflrcFfaxSwbl4ultH3Q3eWtiMwLgXqJ9dKRQEXJX7hp\n48zKPwnftJbGBri9Y293sMjcpv3F/PTjXMh8LcUSVDkVVdQ8cLSmdmP4v4wSzV/q\nZ7KATUs6YAod4ts5u3/zD97Mzk0Xiecw/ggevbCfCvQTByk02Fg=lXE/\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "167708"
      },
      {
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168280"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-2097",
        "trust": 2.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-332410",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-017-03",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-2097",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168150",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167708",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168287",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168280",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170896",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "167708"
      },
      {
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168280"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "id": "VAR-202207-0107",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.20766129
  },
  "last_update_date": "2024-07-23T19:53:59.023000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Amazon Linux 2: ALAS2-2023-1974",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-1974"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-2097"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2022-2097",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=740b837c53d462fc86f3cb0849b86ca0"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225818 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226224 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-5343-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b6a11b827fe9cfaea9c113b2ad37856f"
      },
      {
        "title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226517 - security advisory"
      },
      {
        "title": "Red Hat: Important: Self Node Remediation Operator 0.4.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226184 - security advisory"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-147",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-147"
      },
      {
        "title": "Red Hat: Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226422 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226103 - security advisory"
      },
      {
        "title": "Brocade Security Advisories: Access Denied",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=38e06d13217149784c0941a3098b8989"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-195"
      },
      {
        "title": "Red Hat: Important: Node Maintenance Operator 4.11.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226188 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226182 - security advisory"
      },
      {
        "title": "Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226051 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226283 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226183 - security advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226507 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227055 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227058 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226024 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHACS 3.72 enhancement and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226714 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226290 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226348 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226345 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226346 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226430 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226370 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226271 - security advisory"
      },
      {
        "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226696 - security advisory"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2023-126"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226156 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228750 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226526 - security advisory"
      },
      {
        "title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226429 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230408 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228889 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228781 - security advisory"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225069 - security advisory"
      },
      {
        "title": "https://github.com/jntass/TASSL-1.1.1",
        "trust": 0.1,
        "url": "https://github.com/jntass/tassl-1.1.1 "
      },
      {
        "title": "BIF - The Fairwinds Base Image Finder Client",
        "trust": 0.1,
        "url": "https://github.com/fairwindsops/bif "
      },
      {
        "title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
        "trust": 0.1,
        "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
      },
      {
        "title": "GitHub Actions CI App Pipeline",
        "trust": 0.1,
        "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc "
      },
      {
        "title": "https://github.com/cdupuis/image-api",
        "trust": 0.1,
        "url": "https://github.com/cdupuis/image-api "
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/manas3c/cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "https://www.openssl.org/news/secadv/20220705.txt"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202210-02"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2023/dsa-5343"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/v6567jerrhhjw2gngjgkdrnhr7snpzk7/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r6ck57nbqftpumxapjurcgxuyt76nqak/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-40528"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27776"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-22576"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-27774"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/al2/alas-2023-1974.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fairwindsops/bif"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-03"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/al2022/alas-2022-195.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1473"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24921"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23440"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23440"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1650"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1l-1ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5502-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6182"
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6348"
      },
      {
        "trust": 0.1,
        "url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "167708"
      },
      {
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168280"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "167708"
      },
      {
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168280"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "date": "2022-10-17T13:44:06",
        "db": "PACKETSTORM",
        "id": "168714"
      },
      {
        "date": "2022-08-25T15:22:18",
        "db": "PACKETSTORM",
        "id": "168150"
      },
      {
        "date": "2022-09-01T16:30:25",
        "db": "PACKETSTORM",
        "id": "168213"
      },
      {
        "date": "2022-09-14T15:08:07",
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "date": "2022-07-06T15:29:36",
        "db": "PACKETSTORM",
        "id": "167708"
      },
      {
        "date": "2022-09-07T17:07:14",
        "db": "PACKETSTORM",
        "id": "168287"
      },
      {
        "date": "2022-09-13T15:29:12",
        "db": "PACKETSTORM",
        "id": "168347"
      },
      {
        "date": "2022-09-07T17:09:04",
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "date": "2022-09-07T16:53:57",
        "db": "PACKETSTORM",
        "id": "168280"
      },
      {
        "date": "2023-02-08T15:58:04",
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "date": "2022-07-05T11:15:08.340000",
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-2097"
      },
      {
        "date": "2024-06-21T19:15:23.083000",
        "db": "NVD",
        "id": "CVE-2022-2097"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167708"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo Linux Security Advisory 202210-02",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168714"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "info disclosure",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170896"
      }
    ],
    "trust": 0.1
  }
}

var-201605-0076
Vulnerability from variot

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. OpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

Security Fix(es):

  • It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2016-2105 - Remote Denial of Service (DoS)
  • CVE-2016-2106 - Remote Denial of Service (DoS)
  • CVE-2016-2107 - Remote disclosure of sensitive information
  • CVE-2016-2108 - Remote Denial of Service (DoS)
  • CVE-2016-2109 - Remote Denial of Service (DoS)
  • CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 10500 (Comware 7) - Version: R7184
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5900/5920 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR1000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR2000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR3000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • MSR4000 (Comware 7) - Version: R0306P52
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • VSR (Comware 7) - Version: E0324
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7900 (Comware 7) - Version: R2152
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130 (Comware 7) - Version: R3115
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6125XLG - Version: R2422P02
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 6127XLG - Version: R2422P02
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • Moonshot - Version: R2432
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5700 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5930 (Comware 7) - Version: R2422P02
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 1950 (Comware 7) - Version: R3115
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 7500 (Comware 7) - Version: R7184
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5510HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5130HI (Comware 7) - Version: R1120P10
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5940 - Version: R2509
    • HP Network Products
    • JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
    • JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
    • JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
    • JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
    • JH396A HPE FlexFabric 5940 32QSFP+ Switch
    • JH397A HPE FlexFabric 5940 2-slot Switch
    • JH398A HPE FlexFabric 5940 4-slot Switch
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176
  • 5950 - Version: R6123
    • HP Network Products
    • JH321A HPE FlexFabric 5950 32QSFP28 Switch
    • JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
    • JH404A HPE FlexFabric 5950 4-slot Switch
  • 12900E (Comware 7) - Version: R2609
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2107
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

iMC Products

  • iNode PC 7.2 (E0410) - Version: 7.2 E0410
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176
  • iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • CVEs
    • CVE-2016-2106
    • CVE-2016-2109
    • CVE-2016-2176

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0
    • CVEs
    • CVE-2016-2105
    • CVE-2016-2106
    • CVE-2016-2108
    • CVE-2016-2109
    • CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-5387)

  • It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2016-3110)

  • It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.

The References section of this erratum contains a download link (you must log in to download the update).

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. (CVE-2016-2105, CVE-2016-2106)

  • It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

  • Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. (CVE-2016-0799, CVE-2016-2842)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.5.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================ Ubuntu Security Notice USN-2959-1 May 03, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2016-2106)

Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. (CVE-2016-2109)

As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.1

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.19

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.36

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0076",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "tivoli netcool system service monitors fp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.3"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "bm security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.2"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "mq appliance m2001",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.4"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guido Vranken",
    "sources": [
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2106",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-2106",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2106",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-082",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2106",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the  context of the user running the affected application. Failed exploit  attempts will likely result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. \nOpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n(CVE-2016-5387)\n\n* It was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0722-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date:        2016-05-09\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================\nUbuntu Security Notice USN-2959-1\nMay 03, 2016\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when\nASN.1 data is read from a BIO. \n(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 1024 bits, preventing a possible downgrade\nattack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.1\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.19\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.36\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      },
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "PACKETSTORM",
        "id": "138471"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136895"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2106",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "89744",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2106",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138473",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139115",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136937",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136895",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "PACKETSTORM",
        "id": "138471"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "id": "VAR-201605-0076",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43052093714285716
  },
  "last_update_date": "2024-07-23T20:02:36.076000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL Fixes for integer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61407"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2106",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2106"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-695",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2106 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 2.0,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/89744"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331536"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-5387"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/documentation/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/189.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:2073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2959-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2055.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.36"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "PACKETSTORM",
        "id": "138471"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "db": "BID",
        "id": "89744"
      },
      {
        "db": "PACKETSTORM",
        "id": "138471"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89744"
      },
      {
        "date": "2016-08-22T23:23:00",
        "db": "PACKETSTORM",
        "id": "138471"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-08-22T23:25:00",
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-10-12T20:28:07",
        "db": "PACKETSTORM",
        "id": "139115"
      },
      {
        "date": "2016-05-09T14:05:44",
        "db": "PACKETSTORM",
        "id": "136937"
      },
      {
        "date": "2016-05-03T22:56:05",
        "db": "PACKETSTORM",
        "id": "136895"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "date": "2016-05-05T01:59:02.217000",
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2106"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "89744"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      },
      {
        "date": "2023-11-07T02:30:55.767000",
        "db": "NVD",
        "id": "CVE-2016-2106"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Integer overflow vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-082"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0988
Vulnerability from variot

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  2. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0988",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "5.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "secure acs solution engine",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.10"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cwrsync",
        "version": "2.0.9"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "x8610.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "solaris data encryption kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.42"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.50.3.45"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40003.1.59.24"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "series airespace wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20003.1.59.24"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "ciscosecure acs appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1111"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "mds 9216i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "css11500 content services switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.10.2.65"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.5.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "secure acs for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3.6.1"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "secure acs solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ciscosecure acs for windows and unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.48"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.47"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.22"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.7.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.0.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.2.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.1.0"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "identity management 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "9i application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0.2.2"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "e-business suite 11i cu2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.0.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "developer suite 6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.2"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.1"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "210.1.2.0.0"
      },
      {
        "model": "application server release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.2.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.3"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.2"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "application server 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle for openview for linux ltu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1.1"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.7"
      },
      {
        "model": "oracle for openview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4343",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#221788",
            "trust": 0.8,
            "value": "4.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.95
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22791",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25420",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1973",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4443",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29263",
        "trust": 1.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4773",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "id": "VAR-200609-0988",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32525984999999996
  },
  "last_update_date": "2024-05-27T22:18:41.589000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 1.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/386964"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22791"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25420"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29263"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4443"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1973"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4773"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/221788"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464470"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458657"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458036"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458006"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458037"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458005"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458041"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458038"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458475"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307177"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20246"
      },
      {
        "db": "BID",
        "id": "22083"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2007-01-16T00:00:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T00:44:50",
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-01-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#221788"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T09:25:00",
        "db": "BID",
        "id": "20246"
      },
      {
        "date": "2008-05-20T23:05:00",
        "db": "BID",
        "id": "22083"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      },
      {
        "date": "2018-10-17T21:36:13.210000",
        "db": "NVD",
        "id": "CVE-2006-4343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "50535"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-534"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0142
Vulnerability from variot

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8za,1.0.0m and 1.0.1h are vulnerable. These vulnerabilities include:

  • The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.

  • HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5

  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2010-5298
  4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
  4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVE-2014-0076
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVE-2014-0195
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-0198
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0221
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-0224
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-3470
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2014-3566
  3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0705
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.

LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00

Notes:

These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. ============================================================================ Ubuntu Security Notice USN-2232-1 June 05, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.2

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.4

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.14

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.18

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0679.html Issue date: 2014-06-10 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.3.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.3.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.3.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.3.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.3.ppc.rpm openssl-devel-1.0.1e-34.el7_0.3.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.3.ppc.rpm openssl-libs-1.0.1e-34.el7_0.3.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.3.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm openssl-devel-1.0.1e-34.el7_0.3.s390.rpm openssl-devel-1.0.1e-34.el7_0.3.s390x.rpm openssl-libs-1.0.1e-34.el7_0.3.s390.rpm openssl-libs-1.0.1e-34.el7_0.3.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.3.ppc64.rpm openssl-static-1.0.1e-34.el7_0.3.ppc.rpm openssl-static-1.0.1e-34.el7_0.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm openssl-perl-1.0.1e-34.el7_0.3.s390x.rpm openssl-static-1.0.1e-34.el7_0.3.s390.rpm openssl-static-1.0.1e-34.el7_0.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.3.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTl161XlSAg2UNWIIRAiJlAKCiztPWPTBaVbDSJK/cEtvknFYpTACgur3t GHJznx5GNeKZ00848jTZ9hw= =48eV -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes.

The following security issues are also fixed with this release:

A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)

It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. Solution:

The References section of this erratum contains a download link (you must log in to download the update). 5 client) - i386, x86_64

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz 35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz 48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz 8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz 18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz 6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz

Slackware -current packages: db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz 0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz

Slackware x86_64 -current packages: d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz 95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date.

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. HP System Management Homepage versions 7.3.2 and earlier for Linux and Windows. HP System Management Homepage v7.2.4.1 is available for Windows 2003 only.

HP System Management Homepage v7.2.4.1 for Windows x86: http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702

HP System Management Homepage v7.2.4.1 for Windows x64: http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704

HP System Management Homepage v7.3.3.1 for Windows x86: http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696

HP System Management Homepage v7.3.3.1 for Windows x64: http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698

HP System Management Homepage v7.3.3.1 for Linux x86: http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694

HP System Management Homepage v7.3.3.1 for Linux x64: http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693

NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224.

Release Date: 2014-07-09 Last Updated: 2014-07-09

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities

References:

CVE-2014-0195 Remote Unauthorized Access CVE-2014-0221 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101635

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Software Operation Orchestration, v9.X

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0221 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following guideline for HP Operations Orchestration to resolve these vulnerabilities.

Guidelines and Patches can be downloaded from HP Software Support Online: http://support.openview.hp.com/selfsolve/document/LID/OO_00030

Bulletin Applicability: This security bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.

HISTORY Version:1 (rev.1) - 9 July 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0142",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "linux enterprise workstation extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x7101"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.3"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.1"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "big-ip psm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip edge clients for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0.5"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.1.0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.20.5.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.8"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "9.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0.6"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip edge clients for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "x7080"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.9"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.3"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "lotus foundations start",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "big-ip edge clients for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge clients for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.4"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hardware management console release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v77.6"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project metasploit framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.3"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.2"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2.6"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "big-ip edge clients for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip edge clients for apple ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "versionStartIncluding": "0.9.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0221",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0221",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0221",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-079",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0221",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8za,1.0.0m and 1.0.1h are vulnerable. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n  - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2010-5298\n      4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n      4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n    CVE-2014-0076\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2014-0195\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0198\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0221\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-0224\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-3470\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2014-3566\n      3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0705\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. ============================================================================\nUbuntu Security Notice USN-2232-1\nJune 05, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n(CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.2\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.4\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.14\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:0679-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0679.html\nIssue date:        2014-06-10\nCVE Names:         CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n                   CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTl161XlSAg2UNWIIRAiJlAKCiztPWPTBaVbDSJK/cEtvknFYpTACgur3t\nGHJznx5GNeKZ00848jTZ9hw=\n=48eV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nThe following security issues are also fixed with this release:\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. \nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Tomcat instance. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 5 client) - i386, x86_64\n\n3. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959  openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60  openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6  openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75  openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa  openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179  openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd  openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520  openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75  openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51  openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be  openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96  openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782  openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1  openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33  openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea  openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863  openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c  openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749  openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793  openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16  a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22  n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f  a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656  n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager\nv7.2 Hotfix kit is currently unavailable, but will be released at a later\ndate. \n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. \nHP System Management Homepage versions 7.3.2 and earlier for Linux and\nWindows. HP System Management Homepage v7.2.4.1 is available for\nWindows 2003 only. \n\nHP System Management Homepage v7.2.4.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702\n\nHP System Management Homepage v7.2.4.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704\n\nHP System Management Homepage v7.3.3.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696\n\nHP System Management Homepage v7.3.3.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698\n\nHP System Management Homepage v7.3.3.1 for Linux x86:\nhttp://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694\n\nHP System Management Homepage v7.3.3.1 for Linux x64:\nhttp://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693\n\nNOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains\nOpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. \n\nRelease Date: 2014-07-09\nLast Updated: 2014-07-09\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Software\nOperation Orchestration. The vulnerabilities could be exploited to allow\nremote code execution, denial of service (DoS) and disclosure of information. \nOpenSSL is a 3rd party product that is embedded with some HP Software\nproducts. This bulletin notifies HP Software customers about products\naffected by the OpenSSL vulnerabilities\n\nReferences:\n\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0221 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101635\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Software Operation Orchestration, v9.X\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0221    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following guideline for HP Operations Orchestration to\nresolve these vulnerabilities. \n\nGuidelines and Patches can be downloaded from HP Software Support Online:\nhttp://support.openview.hp.com/selfsolve/document/LID/OO_00030\n\nBulletin Applicability: This security bulletin applies to each OpenSSL\ncomponent that is embedded within the HP products listed in the security\nbulletin. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. \n\nHISTORY\nVersion:1 (rev.1) - 9 July 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      },
      {
        "db": "BID",
        "id": "67901"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "PACKETSTORM",
        "id": "127042"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "127958"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0221",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "67901",
        "trust": 2.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59221",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59167",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59429",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "60687",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59120",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59460",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59027",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59895",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59528",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1030337",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.7
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0221",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127421",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127159",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127362",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127608",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126976",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140720",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127862",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127016",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128001",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "BID",
        "id": "67901"
      },
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127958"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "127042"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "id": "VAR-201406-0142",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4065201389473685
  },
  "last_update_date": "2024-06-14T21:51:12.928000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1h",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081"
      },
      {
        "title": "openssl-1.0.0m",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080"
      },
      {
        "title": "openssl-0.9.8za",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/"
      },
      {
        "title": "Red Hat: CVE-2014-0221",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0221"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0221 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/potterxma/linux-deployment-standard "
      },
      {
        "title": "wormhole",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/wormhole "
      },
      {
        "title": "oval",
        "trust": 0.1,
        "url": "https://github.com/jumanjihouse/oval "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.3,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 2.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/67901"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 2.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226"
      },
      {
        "trust": 2.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 2.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 2.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 2.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593"
      },
      {
        "trust": 1.7,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59120"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59528"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.7,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.7,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59895"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1021.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59221"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.7,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/60687"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1030337"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59460"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59429"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59167"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59027"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0221_resource_management"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://www.cerberusftp.com/products/releasenotes.html"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15343.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182784"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676226"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
      },
      {
        "trust": 0.2,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2232-4/"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/oo_00030"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1053.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0226.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=2.1.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_web_server/2.1/html/2.1.0_release_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-4590.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1086.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0118.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0231.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/solutions/905793"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/904433"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0679.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "BID",
        "id": "67901"
      },
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127958"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "127042"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "db": "BID",
        "id": "67901"
      },
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "127958"
      },
      {
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "db": "PACKETSTORM",
        "id": "127042"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67901"
      },
      {
        "date": "2014-07-11T21:04:18",
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "date": "2014-06-19T23:12:50",
        "db": "PACKETSTORM",
        "id": "127159"
      },
      {
        "date": "2014-07-06T18:53:39",
        "db": "PACKETSTORM",
        "id": "127362"
      },
      {
        "date": "2014-06-27T18:43:56",
        "db": "PACKETSTORM",
        "id": "127266"
      },
      {
        "date": "2014-07-24T23:48:05",
        "db": "PACKETSTORM",
        "id": "127608"
      },
      {
        "date": "2014-06-06T23:46:36",
        "db": "PACKETSTORM",
        "id": "126976"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2017-01-25T21:54:44",
        "db": "PACKETSTORM",
        "id": "140720"
      },
      {
        "date": "2014-08-14T02:25:06",
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "date": "2014-06-10T17:33:47",
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "date": "2014-08-21T19:34:55",
        "db": "PACKETSTORM",
        "id": "127958"
      },
      {
        "date": "2014-08-26T11:11:00",
        "db": "PACKETSTORM",
        "id": "128001"
      },
      {
        "date": "2014-06-11T00:10:53",
        "db": "PACKETSTORM",
        "id": "127042"
      },
      {
        "date": "2014-06-05T15:14:53",
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "date": "2014-06-05T21:55:06.207000",
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0221"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "67901"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      },
      {
        "date": "2023-11-07T02:18:12.593000",
        "db": "NVD",
        "id": "CVE-2014-0221"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127421"
      },
      {
        "db": "PACKETSTORM",
        "id": "127862"
      },
      {
        "db": "PACKETSTORM",
        "id": "127016"
      },
      {
        "db": "PACKETSTORM",
        "id": "126925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Resource Management Error Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-079"
      }
    ],
    "trust": 0.6
  }
}

var-201708-1311
Vulnerability from variot

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Summary:

Security Advisory

  1. Description:

Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes:

    • Fixed event callback error when in-line vaulted variables are used with include_vars
    • Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
    • Fixed isolated node setup to no longer fail when ansible_host is used
    • Fixed selection of custom virtual environments in job template creation
    • Fixed websockets for job details to properly work
    • Fixed the /api/v2/authtoken compatibility shim
    • Fixed page size selection on the jobs screen
    • Fixed instances in an instance group to properly be disabled in the user interface
    • Fixed the job template selection in workflow creation to properly render
    • Fixed member_attr to properly set on some LDAP configurations during upgrade, preventing login
    • Fixed PosixUIDGroupType LDAP configurations
    • Improved the RAM requirement in the installer preflight check
    • Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
    • Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration
    • Fixed display of extra_vars for scheduled jobs

  • Solution:

The Ansible Tower Upgrade and Migration Guide is available at: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

  1. ========================================================================== Ubuntu Security Notice USN-3611-2 April 17, 2018

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. (CVE-2017-3735)

It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-0739)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.40 openssl 1.0.1-4ubuntu5.40

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan

macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address the following:

apache Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory Description: Multiple issues were addressed by updating to version 2.4.28. CVE-2017-9798

curl Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. CVE-2017-1000254: Max Dymond

Directory Utility Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872

Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13883: an anonymous researcher

Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13878: Ian Beer of Google Project Zero

Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-13875: Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)

IOKit Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-13848: Alex Plaskett of MWR InfoSecurity CVE-2017-13858: an anonymous researcher

IOKit Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero

Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple

Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad

Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13876: Ian Beer of Google Project Zero

Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero

Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero

Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero

Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero

Mail Available for: macOS High Sierra 10.13.1 Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13871: an anonymous researcher

Mail Drafts Available for: macOS High Sierra 10.13.1 Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH

OpenSSL Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. CVE-2017-3735: found by OSS-Fuzz

Screen Sharing Server Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6 Impact: A user with screen sharing access may be able to access any file readable by root Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling. CVE-2017-13826: Trevor Jacques of Toronto

Installation note:

macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7 Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp 4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj 5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+ ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs= =2VBd -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2018:3221-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3221 Issue date: 2018-10-30 CVE Names: CVE-2017-3735 CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

  • openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)

  • openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

  • openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735)

  • openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1486144 - CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read 1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL 1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1585004 - ppc64le opensslconf.h is incompatible with swig 1591100 - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang 1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries 1603597 - Confusing error message when asking for invalid DSA parameter sizes in FIPS mode

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-16.el7.src.rpm

x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-16.el7.src.rpm

x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-16.el7.src.rpm

ppc64: openssl-1.0.2k-16.el7.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7.ppc.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64.rpm openssl-devel-1.0.2k-16.el7.ppc.rpm openssl-devel-1.0.2k-16.el7.ppc64.rpm openssl-libs-1.0.2k-16.el7.ppc.rpm openssl-libs-1.0.2k-16.el7.ppc64.rpm

ppc64le: openssl-1.0.2k-16.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-devel-1.0.2k-16.el7.ppc64le.rpm openssl-libs-1.0.2k-16.el7.ppc64le.rpm

s390x: openssl-1.0.2k-16.el7.s390x.rpm openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-devel-1.0.2k-16.el7.s390.rpm openssl-devel-1.0.2k-16.el7.s390x.rpm openssl-libs-1.0.2k-16.el7.s390.rpm openssl-libs-1.0.2k-16.el7.s390x.rpm

x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: openssl-1.0.2k-16.el7.src.rpm

aarch64: openssl-1.0.2k-16.el7.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7.aarch64.rpm openssl-devel-1.0.2k-16.el7.aarch64.rpm openssl-libs-1.0.2k-16.el7.aarch64.rpm

ppc64le: openssl-1.0.2k-16.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-devel-1.0.2k-16.el7.ppc64le.rpm openssl-libs-1.0.2k-16.el7.ppc64le.rpm

s390x: openssl-1.0.2k-16.el7.s390x.rpm openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-devel-1.0.2k-16.el7.s390.rpm openssl-devel-1.0.2k-16.el7.s390x.rpm openssl-libs-1.0.2k-16.el7.s390.rpm openssl-libs-1.0.2k-16.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.2k-16.el7.aarch64.rpm openssl-perl-1.0.2k-16.el7.aarch64.rpm openssl-static-1.0.2k-16.el7.aarch64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-perl-1.0.2k-16.el7.ppc64le.rpm openssl-static-1.0.2k-16.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-perl-1.0.2k-16.el7.s390x.rpm openssl-static-1.0.2k-16.el7.s390.rpm openssl-static-1.0.2k-16.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-16.el7.ppc.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64.rpm openssl-perl-1.0.2k-16.el7.ppc64.rpm openssl-static-1.0.2k-16.el7.ppc.rpm openssl-static-1.0.2k-16.el7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-perl-1.0.2k-16.el7.ppc64le.rpm openssl-static-1.0.2k-16.el7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-perl-1.0.2k-16.el7.s390x.rpm openssl-static-1.0.2k-16.el7.s390.rpm openssl-static-1.0.2k-16.el7.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-16.el7.src.rpm

x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2017-3735 https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2018-0732 https://access.redhat.com/security/cve/CVE-2018-0737 https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW9gQkdzjgjWX9erEAQgQZQ/8CfvagNmJ9p3eWlbk5NOClhF4mxZjzHUc j8kOWrBXKt+VsCknJJTwKOkzrljUJ/XgHo4vu/G9F6O3Oj62roWmW5OJKtlmD3xl VOhUNNmWalVsQ1i1CgI7Khf2Xq9SaMnCaTDpoTamAAznrcj7T2AGABIzPeK0+WL7 GctOtuZoC04CSUbg4z3I6KWYZAh9Id6qbYLcMYSNbTGW7FKl15GOQsu2atwwoWhg 9BA6QhEULWiob/MWcGIrZZl3Bqm2cngC+FhxklsWJ9BC0zRsCJZROBg2eYVCwW78 ZwXiS5rQCSNkmGO4GK239aSyjMmtwrZBzfLsFXz1Enp7kKle6EqnA655p4cu78I8 HXxmBOceOq7NlG3Zz4PKafmkqZMHoriIxGDgGYWxMBb2Tdk7ZerhsaA1fW9dDPIZ zNxF0LngoaZbu49DKv/Doiqcs9nsyvoYpBMeALAM1hAZRhk7o31HJS9i7O/YzuWc uL7wgtQRgyxtFXaRlleWU8pWsTx9NtpvtPiMJQzkw19UX3El5DQv+8x+hNholuZa pfA9UWrhLfYVk0ZZRzI9pYgpsEJ9Ga3TgykpM048V4+84KVDRkkLHxGM1p3rvX01 eCRYyB0VzbFhKwxdyRniBITh3e2+uaYkG7zYSX+ewXu2rOTN8uLrK87rHDliQnvS nuWE/iwTIDU= =jMog -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04.

Gentoo Linux Security Advisory GLSA 201712-03

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2n >= 1.0.2n

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information.

Workaround

There are no known workarounds at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"

References

[ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201712-03

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1311",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8ze"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8u"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8y"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8z"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8w"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zg"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rhev-m for servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "jboss ews",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "jboss ews",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1"
      },
      {
        "model": "jboss eap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "jboss eap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "jboss core services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "project openssl 1.1.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.0.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.6"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.4"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.17"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.15"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.14"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.9"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.8"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.7"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.6"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.0"
      },
      {
        "model": "ssl visibility 3.8.4fc",
        "scope": null,
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": null
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.12"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.11"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.10"
      },
      {
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.3"
      },
      {
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.2"
      },
      {
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.7"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "proxyclient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "policycenter s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.9"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.6"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.11"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "mail threat defense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "intelligencecenter data collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "content analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.1"
      },
      {
        "model": "client connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.6"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4.0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "android mobile agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.7"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "project openssl 1.1.0f-git",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2l-git",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.0.2"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google\u0027s OSS-Fuzz project",
    "sources": [
      {
        "db": "BID",
        "id": "100515"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3735",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-3735",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-3735",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-3735",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3735",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3735",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1172",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3735",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Summary:\n\nSecurity Advisory\n\n2. Description:\n\nRed Hat Ansible Tower 3.3.1 is now available and contains the following bug\nfixes:\n\n- - Fixed event callback error when in-line vaulted variables are used with\n``include_vars``\n- - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration\n- - Fixed isolated node setup to no longer fail when ``ansible_host`` is used\n- - Fixed selection of custom virtual environments in job template creation\n- - Fixed websockets for job details to properly work\n- - Fixed the ``/api/v2/authtoken`` compatibility shim\n- - Fixed page size selection on the jobs screen\n- - Fixed instances in an instance group to properly be disabled in the user\ninterface\n- - Fixed the job template selection in workflow creation to properly render\n- - Fixed ``member_attr`` to properly set on some LDAP configurations during\nupgrade, preventing login\n- - Fixed ``PosixUIDGroupType`` LDAP configurations\n- - Improved the RAM requirement in the installer preflight check\n- - Updated Tower to properly report an error when relaunch was used on a set\nof failed hosts that is too large\n- - Updated sosreport configuration to gather more python environment, nginx,\nand supervisor configuration\n- - Fixed display of extra_vars for scheduled jobs\n\n3. Solution:\n\nThe Ansible Tower Upgrade and Migration Guide is available at:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. ==========================================================================\nUbuntu Security Notice USN-3611-2\nApril 17, 2018\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. (CVE-2017-3735)\n\n It was discovered that OpenSSL incorrectly handled certain ASN.1\n types. A remote attacker could possibly use this issue to cause a\n denial of service. (CVE-2018-0739)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n  libssl1.0.0                     1.0.1-4ubuntu5.40\n  openssl                         1.0.1-4ubuntu5.40\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update\n2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan are now available and address\nthe following:\n\napache\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Processing a maliciously crafted Apache configuration\ndirective may result in the disclosure of process memory\nDescription: Multiple issues were addressed by updating to\nversion 2.4.28. \nCVE-2017-9798\n\ncurl\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Malicious FTP servers may be able to cause the client to read\nout-of-bounds memory\nDescription: An out-of-bounds read issue existed in the FTP PWD\nresponse parsing. This issue was addressed with improved bounds\nchecking. \nCVE-2017-1000254: Max Dymond\n\nDirectory Utility\nAvailable for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1\nNot impacted: macOS Sierra 10.12.6 and earlier\nImpact: An attacker may be able to bypass administrator\nauthentication without supplying the administrator\u0027s password\nDescription: A logic error existed in the validation of credentials. \nThis was addressed with improved credential validation. \nCVE-2017-13872\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13883: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13878: Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-13875: Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)\nof SoftSec, KAIST (softsec.kaist.ac.kr)\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An input validation issue existed in the kernel. This\nissue was addressed through improved input validation. \nCVE-2017-13848: Alex Plaskett of MWR InfoSecurity\nCVE-2017-13858: an anonymous researcher\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved state management. \nCVE-2017-13847: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13862: Apple\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-13833: Brandon Azad\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13876: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2017-13855: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13867: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13865: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13868: Brandon Azad\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nMail\nAvailable for: macOS High Sierra 10.13.1\nImpact: A S/MIME encrypted email may be inadvertently sent\nunencrypted if the receiver\u0027s S/MIME certificate is not installed\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13871: an anonymous researcher\n\nMail Drafts\nAvailable for: macOS High Sierra 10.13.1\nImpact: An attacker with a privileged network position may be able to\nintercept mail\nDescription: An encryption issue existed with S/MIME credetials. The\nissue was addressed with additional checks and user control. \nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nOpenSSL\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read issue existed in\nX.509 IPAddressFamily parsing. This issue was addressed with improved\nbounds checking. \nCVE-2017-3735: found by OSS-Fuzz\n\nScreen Sharing Server\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6\nImpact: A user with screen sharing access may be able to access any\nfile readable by root\nDescription: A permissions issue existed in the handling of screen\nsharing sessions. This issue was addressed with improved permissions\nhandling. \nCVE-2017-13826: Trevor Jacques of Toronto\n\nInstallation note:\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7\nBub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb\nGkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK\nNYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX\nYwaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv\nz0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ\noSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq\nxBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp\n4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj\n5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf\nBuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+\nioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=\n=2VBd\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2018:3221-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:3221\nIssue date:        2018-10-30\nCVE Names:         CVE-2017-3735 CVE-2018-0495 CVE-2018-0732 \n                   CVE-2018-0737 CVE-2018-0739 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries\n(CVE-2018-0495)\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS\nhandshake causing the client to hang (CVE-2018-0732)\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack\noverflow and resulting denial of service (CVE-2018-0739)\n\n* openssl: Malformed X.509 IPAdressFamily could cause OOB read\n(CVE-2017-3735)\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1486144 - CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read\n1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL\n1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1585004 - ppc64le opensslconf.h is incompatible with swig\n1591100 - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang\n1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries\n1603597 - Confusing error message when asking for invalid DSA parameter sizes in FIPS mode\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7.ppc.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7.ppc.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-devel-1.0.2k-16.el7.s390.rpm\nopenssl-devel-1.0.2k-16.el7.s390x.rpm\nopenssl-libs-1.0.2k-16.el7.s390.rpm\nopenssl-libs-1.0.2k-16.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-devel-1.0.2k-16.el7.s390.rpm\nopenssl-devel-1.0.2k-16.el7.s390x.rpm\nopenssl-libs-1.0.2k-16.el7.s390.rpm\nopenssl-libs-1.0.2k-16.el7.s390x.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7.aarch64.rpm\nopenssl-static-1.0.2k-16.el7.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-perl-1.0.2k-16.el7.s390x.rpm\nopenssl-static-1.0.2k-16.el7.s390.rpm\nopenssl-static-1.0.2k-16.el7.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64.rpm\nopenssl-static-1.0.2k-16.el7.ppc.rpm\nopenssl-static-1.0.2k-16.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-perl-1.0.2k-16.el7.s390x.rpm\nopenssl-static-1.0.2k-16.el7.s390.rpm\nopenssl-static-1.0.2k-16.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3735\nhttps://access.redhat.com/security/cve/CVE-2018-0495\nhttps://access.redhat.com/security/cve/CVE-2018-0732\nhttps://access.redhat.com/security/cve/CVE-2018-0737\nhttps://access.redhat.com/security/cve/CVE-2018-0739\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW9gQkdzjgjWX9erEAQgQZQ/8CfvagNmJ9p3eWlbk5NOClhF4mxZjzHUc\nj8kOWrBXKt+VsCknJJTwKOkzrljUJ/XgHo4vu/G9F6O3Oj62roWmW5OJKtlmD3xl\nVOhUNNmWalVsQ1i1CgI7Khf2Xq9SaMnCaTDpoTamAAznrcj7T2AGABIzPeK0+WL7\nGctOtuZoC04CSUbg4z3I6KWYZAh9Id6qbYLcMYSNbTGW7FKl15GOQsu2atwwoWhg\n9BA6QhEULWiob/MWcGIrZZl3Bqm2cngC+FhxklsWJ9BC0zRsCJZROBg2eYVCwW78\nZwXiS5rQCSNkmGO4GK239aSyjMmtwrZBzfLsFXz1Enp7kKle6EqnA655p4cu78I8\nHXxmBOceOq7NlG3Zz4PKafmkqZMHoriIxGDgGYWxMBb2Tdk7ZerhsaA1fW9dDPIZ\nzNxF0LngoaZbu49DKv/Doiqcs9nsyvoYpBMeALAM1hAZRhk7o31HJS9i7O/YzuWc\nuL7wgtQRgyxtFXaRlleWU8pWsTx9NtpvtPiMJQzkw19UX3El5DQv+8x+hNholuZa\npfA9UWrhLfYVk0ZZRzI9pYgpsEJ9Ga3TgykpM048V4+84KVDRkkLHxGM1p3rvX01\neCRYyB0VzbFhKwxdyRniBITh3e2+uaYkG7zYSX+ewXu2rOTN8uLrK87rHDliQnvS\nnuWE/iwTIDU=\n=jMog\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This issue only applied to Ubuntu 16.04\nLTS, Ubuntu 16.10 and Ubuntu 17.04. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201712-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 14, 2017\n     Bugs: #629290, #636264, #640172\n       ID: 201712-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmay lead to a Denial of Service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2n                  \u003e= 1.0.2n\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nA remote attacker could cause a Denial of Service condition, recover a\nprivate key in unlikely circumstances, circumvent security restrictions\nto perform unauthorized actions, or gain access to sensitive\ninformation. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2n\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3735\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735\n[ 2 ] CVE-2017-3736\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736\n[ 3 ] CVE-2017-3737\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737\n[ 4 ] CVE-2017-3738\n      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "BID",
        "id": "100515"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "PACKETSTORM",
        "id": "150193"
      },
      {
        "db": "PACKETSTORM",
        "id": "147233"
      },
      {
        "db": "PACKETSTORM",
        "id": "145270"
      },
      {
        "db": "PACKETSTORM",
        "id": "150049"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3735",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "100515",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039726",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-15",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-14",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-024-02",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1967",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0798",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2267",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0095",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2536",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10990",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10211",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150193",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147233",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145270",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150049",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145423",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "BID",
        "id": "100515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "PACKETSTORM",
        "id": "150193"
      },
      {
        "db": "PACKETSTORM",
        "id": "147233"
      },
      {
        "db": "PACKETSTORM",
        "id": "145270"
      },
      {
        "db": "PACKETSTORM",
        "id": "150049"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "id": "VAR-201708-1311",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.11111111
  },
  "last_update_date": "2022-05-05T07:01:50.040000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20170828.txt"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74447"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/"
      },
      {
        "title": "Red Hat: Moderate: openssl security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183221 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3475-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3611-2"
      },
      {
        "title": "Debian Security Advisories: DSA-4017-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c59b0b63bafaa6def9e5da50acf68ca8"
      },
      {
        "title": "Debian Security Advisories: DSA-4018-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ac7ab332aa094dcdde4da9f7cb2a19f1"
      },
      {
        "title": "Red Hat: CVE-2017-3735",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3735"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=51b3583e976e4985408312c607116f9d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5bef9c9c0b7083c0a7333444658c6c0"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3735"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1102",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1102"
      },
      {
        "title": "Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d613a491eb4632d0bd09811cbeaee1e"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-9"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-14] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-14"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-15"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-11"
      },
      {
        "title": "Red Hat: Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183505 - security advisory"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2018-1102",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1102"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-15"
      },
      {
        "title": "Brocade Security Advisories: BSA-2017-426",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=54471d90bb958ec54738385d1e0df724"
      },
      {
        "title": "Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-14"
      },
      {
        "title": "Apple: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cc1324af84bd22e484cbe183e71a45d0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0291f848728c4e1a69043ce8e1fd54d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1519a5f830589c3bab8a20f4163374ae"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=204a1aa9ebf7b5f47151e8b011269862"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "core-kit",
        "trust": 0.1,
        "url": "https://github.com/funtoo/core-kit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/100515"
      },
      {
        "trust": 2.0,
        "url": "https://www.openssl.org/news/secadv/20170828.txt"
      },
      {
        "trust": 2.0,
        "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2018:3221"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201712-03"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:3505"
      },
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4018"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4017"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039726"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-14"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-15"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208331"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "https://usn.ubuntu.com/3611-2/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 1.0,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3735"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-024-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887987"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887995"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887989"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887985"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887991"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10888379"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10886247"
      },
      {
        "trust": 0.6,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10990"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2536/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77010"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10794451"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10886247"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2267/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887987"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0095/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1967/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10888379"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-3735"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/openssl/openssl/pull/4276"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486144"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2016"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10211"
      },
      {
        "trust": 0.3,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa157"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory24.asc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0495"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0739"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0732"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0495"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3475-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-024-02"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56174"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13988"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14682"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14680"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-13988"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1061"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-1000050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-9396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10768"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1061"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14680"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000805"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10767"
      },
      {
        "trust": 0.1,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12910"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10845"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9262"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000805"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-17456"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-9262"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-18267"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18267"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14682"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10844"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9396"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3611-1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3611-2"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13869"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13878"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13868"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13872"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13826"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13844"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000254"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3475-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "BID",
        "id": "100515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "PACKETSTORM",
        "id": "150193"
      },
      {
        "db": "PACKETSTORM",
        "id": "147233"
      },
      {
        "db": "PACKETSTORM",
        "id": "145270"
      },
      {
        "db": "PACKETSTORM",
        "id": "150049"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "db": "BID",
        "id": "100515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "db": "PACKETSTORM",
        "id": "150193"
      },
      {
        "db": "PACKETSTORM",
        "id": "147233"
      },
      {
        "db": "PACKETSTORM",
        "id": "145270"
      },
      {
        "db": "PACKETSTORM",
        "id": "150049"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "date": "2017-08-28T00:00:00",
        "db": "BID",
        "id": "100515"
      },
      {
        "date": "2017-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "date": "2018-11-06T21:04:36",
        "db": "PACKETSTORM",
        "id": "150193"
      },
      {
        "date": "2018-04-18T20:05:17",
        "db": "PACKETSTORM",
        "id": "147233"
      },
      {
        "date": "2017-12-08T10:11:11",
        "db": "PACKETSTORM",
        "id": "145270"
      },
      {
        "date": "2018-10-31T00:56:45",
        "db": "PACKETSTORM",
        "id": "150049"
      },
      {
        "date": "2017-11-06T22:24:00",
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "date": "2017-12-15T14:15:17",
        "db": "PACKETSTORM",
        "id": "145423"
      },
      {
        "date": "2017-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "date": "2017-08-28T19:29:00",
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3735"
      },
      {
        "date": "2018-01-18T06:00:00",
        "db": "BID",
        "id": "100515"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      },
      {
        "date": "2021-07-20T23:15:00",
        "db": "NVD",
        "id": "CVE-2017-3735"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerabilities in incorrect certificate text",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1172"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0348
Vulnerability from variot

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. OpenSSL of crypto/mdc2/mdc2dgst.c of MDC2_Update The function contains an integer overflow vulnerability. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OpenSSL versions prior to 1.1.0 are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-12-13-1 macOS 10.12.2

macOS 10.12.2 is now available and addresses the following:

apache_mod_php Available for: macOS Sierra 10.12.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26. CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418

AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

Assets Available for: macOS Sierra 10.12.1 Impact: A local attacker may modify downloaded mobile assets Description: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions. CVE-2016-7628: an anonymous researcher

Audio Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent

Bluetooth Available for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group

Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7605: daybreaker of Minionz

Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero

CoreCapture Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved state management. CVE-2016-7604: daybreaker of Minionz

CoreFoundation Available for: macOS Sierra 10.12.1 Impact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking. CVE-2016-7663: an anonymous researcher

CoreGraphics Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM

CoreMedia External Displays Available for: macOS Sierra 10.12.1 Impact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day Initiative

CoreMedia Playback Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7588: dragonltx of Huawei 2012 Laboratories

CoreStorage Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

CoreText Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform Department

curl Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0. CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625

Directory Services Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7633: Ian Beer of Google Project Zero

Disk Images Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform Department

FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4688: Simon Huang of Alipay company, thelongestusernameofall@gmail.com

Foundation Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform Department

Grapher Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform Department

ICU Available for: macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7594: AndrA(c) Bargull

ImageIO Available for: macOS Sierra 10.12.1 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team

Intel Graphics Driver Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

IOAcceleratorFamily Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative

IOFireWireFamily Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to read kernel memory Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7608: Brandon Azad

IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-1823: Ian Beer of Google Project Zero

IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7591: daybreaker of Minionz

IOKit Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative

IOKit Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day Initiative

IOSurface Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative

Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com) CVE-2016-7612: Ian Beer of Google Project Zero

Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space. CVE-2016-7607: Brandon Azad

Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)

Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management. CVE-2016-7621: Ian Beer of Google Project Zero

Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7637: Ian Beer of Google Project Zero

Kernel Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7644: Ian Beer of Google Project Zero

kext tools Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7629: @cocoahuke

libarchive Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to overwrite existing files Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2016-7619: an anonymous researcher

LibreSSL Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304

OpenLDAP Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a default cipher. CVE-2016-1777: Pepi Zawodsky

OpenPAM Available for: macOS Sierra 10.12.1 Impact: A local unprivileged user may gain access to privileged applications Description: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling. This issue was addressed through improved input validation. CVE-2016-6303

OpenSSL Available for: macOS Sierra 10.12.1 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304

Power Management Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7661: Ian Beer of Google Project Zero

Security Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher. CVE-2016-4693: GaA<<tan Leurent and Karthikeyan Bhargavan from INRIA Paris

Security Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)

Security Available for: macOS Sierra 10.12.1 Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates. CVE-2016-7662: Apple

syslog Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7660: Ian Beer of Google Project Zero

macOS 10.12.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh mMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl xTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX UhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE fHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP SJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC c63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh +x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4 OELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY xPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u 0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf msyz+/zQNISkly6K0VBO =0QW0 -----END PGP SIGNATURE-----

. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-3087-2 http://www.ubuntu.com/usn/usn-3087-1 https://launchpad.net/bugs/1626883

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38

. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0348",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.16"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": null,
        "trust": 0.8,
        "vendor": "node js",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v8.5"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nodejs",
        "version": "6.6.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0.0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.1.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.8"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.1.0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.5.0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.11"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.1"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.7.0.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.1"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.6.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.5"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8."
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.6.0.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zh",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.15"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0x"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.9"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.6.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "spectrum control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "project openssl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.1"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.14"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.2"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.13"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.0",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.6.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-6303",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-6303",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6303",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6303",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-320",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6303",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. OpenSSL of crypto/mdc2/mdc2dgst.c of MDC2_Update The function contains an integer overflow vulnerability. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to an integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the  context of the user running the affected application. Failed exploit  attempts will likely result in denial-of-service conditions. \nOpenSSL versions prior to 1.1.0 are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-12-13-1 macOS 10.12.2\n\nmacOS 10.12.2 is now available and addresses the following:\n\napache_mod_php\nAvailable for:  macOS Sierra 10.12.1\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in PHP before 5.6.26. These were\naddressed by updating PHP to version 5.6.26. \nCVE-2016-7411\nCVE-2016-7412\nCVE-2016-7413\nCVE-2016-7414\nCVE-2016-7416\nCVE-2016-7417\nCVE-2016-7418\n\nAppleGraphicsPowerManagement\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7609: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nAssets\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local attacker may modify downloaded mobile assets\nDescription: A permissions issue existed in mobile assets. This issue\nwas addressed through improved access restrictions. \nCVE-2016-7628: an anonymous researcher\n\nAudio\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nBluetooth\nAvailable for:  macOS Sierra 10.12.1, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of\nSynopsys Software Integrity Group\n\nBluetooth\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7605: daybreaker of Minionz\n\nBluetooth\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7617: Radu Motspan working with Trend Micro\u0027s Zero Day\nInitiative, Ian Beer of Google Project Zero\n\nCoreCapture\nAvailable for:  macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved state management. \nCVE-2016-7604: daybreaker of Minionz\n\nCoreFoundation\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing malicious strings may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nstrings. This issue was addressed through improved bounds checking. \nCVE-2016-7663: an anonymous researcher\n\nCoreGraphics\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\nunexpected application termination\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7627: TRAPMINE Inc. \u0026 Meysam Firouzi @R00tkitSMM\n\nCoreMedia External Displays\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local application may be able to execute arbitrary code in\nthe context of the mediaserver daemon\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7655: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreMedia Playback\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted .mp4 file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nCoreStorage\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7603: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreText\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\ncurl\nAvailable for:  macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: Multiple issues existed in curl. These issues were\naddressed by updating to curl version 7.51.0. \nCVE-2016-5419\nCVE-2016-5420\nCVE-2016-5421\nCVE-2016-7141\nCVE-2016-7167\nCVE-2016-8615\nCVE-2016-8616\nCVE-2016-8617\nCVE-2016-8618\nCVE-2016-8619\nCVE-2016-8620\nCVE-2016-8621\nCVE-2016-8622\nCVE-2016-8623\nCVE-2016-8624\nCVE-2016-8625\n\nDirectory Services\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7633: Ian Beer of Google Project Zero\n\nDisk Images\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7616: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nFontParser\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2016-4688: Simon Huang of Alipay company,\nthelongestusernameofall@gmail.com\n\nFoundation\nAvailable for:  macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nGrapher\nAvailable for:  macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nICU\nAvailable for:  macOS Sierra 10.12.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7594: AndrA(c) Bargull\n\nImageIO\nAvailable for:  macOS Sierra 10.12.1\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nIntel Graphics Driver\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7602: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOAcceleratorFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOFireWireFamily\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7608: Brandon Azad\n\nIOHIDFamily\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-1823: Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7591: daybreaker of Minionz\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOKit\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7657: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOSurface\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: An insufficient initialization issue was addressed by\nproperly initializing memory returned to user space. \nCVE-2016-7607: Brandon Azad\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2016-7615: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7621: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7637: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7644: Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7629: @cocoahuke\n\nlibarchive\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local attacker may be able to overwrite existing files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2016-7619: an anonymous researcher\n\nLibreSSL\nAvailable for:  macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nOpenLDAP\nAvailable for:  macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a default cipher. \nCVE-2016-1777: Pepi Zawodsky\n\nOpenPAM\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local unprivileged user may gain access to privileged\napplications\nDescription: PAM authentication within sandboxed applications failed\ninsecurely. This was addressed with improved error handling. This issue\nwas addressed through improved input validation. \nCVE-2016-6303\n\nOpenSSL\nAvailable for:  macOS Sierra 10.12.1\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nPower Management\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7661: Ian Beer of Google Project Zero\n\nSecurity\nAvailable for:  macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the 3DES\ncryptographic algorithm\nDescription: 3DES was removed as a default cipher. \nCVE-2016-4693: GaA\u003c\u003ctan Leurent and Karthikeyan Bhargavan from INRIA\nParis\n\nSecurity\nAvailable for:  macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: A validation issue existed in the handling of OCSP\nresponder URLs. This issue was addressed by verifying OCSP revocation\nstatus after CA validation and limiting the number of OCSP requests\nper certificate. \nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nSecurity\nAvailable for:  macOS Sierra 10.12.1\nImpact: Certificates may be unexpectedly evaluated as trusted\nDescription: A certificate evaluation issue existed in certificate\nvalidation. This issue was addressed through additional validation of\ncertificates. \nCVE-2016-7662: Apple\n\nsyslog\nAvailable for:  macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7660: Ian Beer of Google Project Zero\n\nmacOS 10.12.2 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh\nmMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl\nxTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX\nUhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE\nfHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP\nSJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC\nc63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh\n+x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4\nOELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY\nxPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u\n0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf\nmsyz+/zQNISkly6K0VBO\n=0QW0\n-----END PGP SIGNATURE-----\n\n\n\n. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. (CVE-2016-6304)\n  Guido Vranken discovered that OpenSSL used undefined behaviour when\n performing pointer arithmetic. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2179)\n  Shi Lei discovered that OpenSSL incorrectly handled memory in the\n TS_OBJ_print_bio() function. (CVE-2016-2180)\n  It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\n feature. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. A remote attacker could\n possibly use this flaw to obtain clear text data from long encrypted\n sessions. This update moves DES from the HIGH cipher list to MEDIUM. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n (CVE-2016-6302)\n  Shi Lei discovered that OpenSSL incorrectly handled memory in the\n MDC2_Update() function. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-3087-2\n  http://www.ubuntu.com/usn/usn-3087-1\n  https://launchpad.net/bugs/1626883\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38\n\n\n. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "BID",
        "id": "92984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "PACKETSTORM",
        "id": "140151"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6303",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "92984",
        "trust": 2.0
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036885",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "BID",
        "id": "92984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "PACKETSTORM",
        "id": "140151"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "id": "VAR-201609-0348",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T11:08:34.796000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Security updates for all active release lines, September 2016",
        "trust": 0.8,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "title": "Avoid overflow in MDC2_Update()",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Bug 1370146",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "TLSA-2016-28",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html"
      },
      {
        "title": "OpenSSL\u0027MDC2_Update\u0027 Fixes for function integer overflow vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64116"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6303"
      },
      {
        "title": "Red Hat: CVE-2016-6303",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6303"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6303 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/92984"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
      },
      {
        "trust": 1.7,
        "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036885"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
      },
      {
        "trust": 0.9,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6303"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6303"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.7,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-6303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1823"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7588"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4691"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7596"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7600"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "BID",
        "id": "92984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "PACKETSTORM",
        "id": "140151"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "db": "BID",
        "id": "92984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "db": "PACKETSTORM",
        "id": "140151"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "date": "2016-08-20T00:00:00",
        "db": "BID",
        "id": "92984"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "date": "2016-12-14T12:12:12",
        "db": "PACKETSTORM",
        "id": "140151"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-16T05:59:13.363000",
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "date": "2016-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6303"
      },
      {
        "date": "2018-02-05T15:00:00",
        "db": "BID",
        "id": "92984"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      },
      {
        "date": "2023-02-12T23:24:31.920000",
        "db": "NVD",
        "id": "CVE-2016-6303"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/mdc2/mdc2dgst.c of  MDC2_Update Integer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004782"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-320"
      }
    ],
    "trust": 0.6
  }
}

var-201408-0212
Vulnerability from variot

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. OpenSSL 1.0.1 prior to 1.0.1i are vulnerable.

References:

CVE-2014-3566 CVE-2014-5139 SSRT101916

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect Enterprise Manager SDK v7.4.1 or later. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04624296

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04624296 Version: 1

HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-04-01 Last Updated: 2015-04-01

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information.

HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment.

Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware

References:

CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT102004

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following instructions to resolve this vulnerability.

Note: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and v7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11 mentioned below to resolve the vulnerability.

Delete the files smh.exe from Component Copy Location listed in the following table, rows 1 and 2. Delete the files vca.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7..rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

1 http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe smhamd64-cp023964.exe \express\hpfeatures\hpagents-ws\components\Win2008

2 http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c smhx86-cp023963.exe \express\hpfeatures\hpagents-ws\components\Win2008

3 http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb vcax86 cp025295.exe \express\hpfeatures\hpagents-ws\components\Win2008

4 http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4 vcaamd64-cp025296.exe \express\hpfeatures\hpagents-ws\components\Win2008

5 http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components

\express\hpfeatures\hpagents-sles10-x64\components

\express\hpfeatures\hpagents-rhel5-x64\components

\express\hpfeatures\hpagents-rhel6-x64\components

6 http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components

\express\hpfeatures\hpagents-sles10-x64\components

\express\hpfeatures\hpagents-rhel5-x64\components

\express\hpfeatures\hpagents-rhel6-x64\components

7 http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1 smhx86-cp025274.exe \express\hpfeatures\hpagents-ws\components\Win2003

8 http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd smhamd64-cp025275.exe \express\hpfeatures\hpagents-ws\components\Win2003

Download and extract the HP SUM component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346

Copy all content from extracted folder and paste at \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on the target running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on the target running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on the target running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on the target running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 job on the target running Windows.

HISTORY Version:1 (rev.1) - 1 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlUb+3EACgkQ4B86/C0qfVnD1wCg+LtrJpQcATsjJ308tHP49nog 0sgAoJ5L9/aT7iAxhlnZdRatqjBoIFxb =pzE4 -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. This update fixes several security issues: Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) Information leak in pretty printing functions (CVE-2014-3508) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) SRP buffer overrun (CVE-2014-3512) Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) For more information, see: https://www.openssl.org/news/secadv_20140806.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139 ( Security fix ) patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory exhaustion (CVE-2014-3506)

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory leak from zero-length fragments (CVE-2014-3507)

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL TLS protocol downgrade attack (CVE-2014-3511)

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0212",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.34"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos os 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.10"
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "junos os 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "servicecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.31"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "junos os 14.1r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "junos os 13.3r3-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.33"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.20"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.21"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.32"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.30"
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-5139",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-5139",
            "trust": 1.0,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting  in denial-of-service conditions. \nOpenSSL 1.0.1 prior to 1.0.1i are vulnerable. \n\nReferences:\n\nCVE-2014-3566\nCVE-2014-5139\nSSRT101916\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nContact vcemsdksupportteam@hp.com to request the HP Virtual Connect\nEnterprise Manager SDK v7.4.1 or later. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04624296\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04624296\nVersion: 1\n\nHPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and\nWindows, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-01\nLast Updated: 2015-04-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) which are components of HP Insight Control server\ndeployment. These vulnerabilities are related to the SSLv3 vulnerability\nknown as \"Padding Oracle on Downgraded Legacy Encryption\" or \"POODLE\". The\ncomponents of HP Insight Control server deployment could be exploited\nremotely to allow disclosure of information. \n\nHP Insight Control server deployment includes HP System Management Homepage\n(SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and\ndeploys them through the following jobs. This bulletin provides the\ninformation needed to update the vulnerable components in HP Insight Control\nserver deployment. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT102004\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3509    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3511    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-5139    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve this vulnerability. \n\nNote: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and\nv7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11\nmentioned below to resolve the vulnerability. \n\nDelete the files smh*.exe from Component Copy Location listed in the\nfollowing table, rows 1 and 2. \nDelete the files vca*.exe/vcaamd64-*.exe from Component Copy Location listed\nin the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe\n smhamd64-cp023964.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c\n smhx86-cp023963.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb\n vcax86 cp025295.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4\n vcaamd64-cp025296.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n6\n http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n7\n http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1\n smhx86-cp025274.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n8\n http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd\n smhamd64-cp025275.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\nDownload and extract the HP SUM component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346\n\nCopy all content from extracted folder and paste at\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on the target running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on the target running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on the target running\nRHEL 6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on the target running\nRHEL 5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 job on the target\nrunning Windows. \n\nHISTORY\nVersion:1 (rev.1) - 1 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlUb+3EACgkQ4B86/C0qfVnD1wCg+LtrJpQcATsjJ308tHP49nog\n0sgAoJ5L9/aT7iAxhlnZdRatqjBoIFxb\n=pzE4\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes several security issues:\n  Double Free when processing DTLS packets (CVE-2014-3505)\n  DTLS memory exhaustion (CVE-2014-3506)\n  DTLS memory leak from zero-length fragments (CVE-2014-3507)\n  Information leak in pretty printing functions (CVE-2014-3508)\n  Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n  OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n  OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n  SRP buffer overrun (CVE-2014-3512)\n  Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n  For more information, see:\n    https://www.openssl.org/news/secadv_20140806.txt\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      },
      {
        "db": "BID",
        "id": "69077"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5139",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "69077",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60810",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61392",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61171",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.0
      },
      {
        "db": "TENABLE",
        "id": "TNS-2014-06",
        "trust": 1.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10649",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131011",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131254",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "id": "VAR-201408-0212",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.42424244
  },
  "last_update_date": "2024-07-04T21:41:39.624000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60810"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61171"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61392"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.0,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.0,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.0,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/69077"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.0,
        "url": "http://www.tenable.com/security/tns-2014-06"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=80bd7b41b30af6ee96f519e629463583318de3b0"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=83764a989dcc87fbea337da5f8f86806fe767b7e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.7,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.7,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.7,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=80bd7b41b30af6ee96f519e629463583318de3b0"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-5139"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04571956"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04587108"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04570627"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127491"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682034"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682016"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4"
      },
      {
        "trust": 0.2,
        "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-bd2042a1c7574aad90c4839efe"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-00eb9ac82e86449e8c3ba101bd"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-34bcab41ac7e4db299e3f5f2f1"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-062078f1ae354b7e99c86c151c"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-5827037475e44abab586463723"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "69077"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69077"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2015-03-25T00:41:42",
        "db": "PACKETSTORM",
        "id": "131011"
      },
      {
        "date": "2015-03-25T00:42:25",
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "date": "2015-03-13T17:11:14",
        "db": "PACKETSTORM",
        "id": "130817"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-05-29T23:37:04",
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "date": "2015-04-02T00:37:56",
        "db": "PACKETSTORM",
        "id": "131254"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-13T23:55:07.717000",
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-26T23:01:00",
        "db": "BID",
        "id": "69077"
      },
      {
        "date": "2023-11-07T02:20:43.020000",
        "db": "NVD",
        "id": "CVE-2014-5139"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69077"
      }
    ],
    "trust": 0.3
  }
}

var-202302-0195
Vulnerability from variot

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.13.0 security update Advisory ID: RHSA-2023:1326-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1326 Issue date: 2023-05-17 CVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-30570 CVE-2023-30841 =====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:1325

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

  • goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

  • go-yaml: Denial of Service in go-yaml (CVE-2021-4235)

  • mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

  • helm: Denial of service through through repository index file (CVE-2022-23525)

  • helm: Denial of service through schema file (CVE-2022-23526)

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • vault: insufficient certificate revocation list checking (CVE-2022-41316)

  • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

  • x/net/http2/h2c: request smuggling (CVE-2022-41721)

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

  • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

  • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

  • exporter-toolkit: authentication bypass via cache poisoning (CVE-2022-46146)

  • vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)

  • hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)

  • hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)

  • helm: getHostByName Function Information Disclosure (CVE-2023-25165)

  • containerd: Supplementary groups are not set up properly (CVE-2023-25173)

  • runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

  • runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration (CVE-2023-28642)

  • baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841)

  • runc: Rootless runc makes /sys/fs/cgroup writable (CVE-2023-25809)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

  1. Solution:

For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture) The image digest is sha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711

(For s390x architecture) The image digest is sha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79

(For ppc64le architecture) The image digest is sha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8

(For aarch64 architecture) The image digest is sha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4] 1853264 - Metrics produce high unbound cardinality 1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot 1904573 - OpenShift: containers modify /etc/passwd group writable 1943194 - when using gpus, more nodes than needed are created by the node autoscaler 1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated 2005232 - Pods list page should only show Create Pod button to user has sufficient permission 2016006 - Repositories list does not show the running pipelinerun as last pipelinerun 2027000 - The user is ignored when we create a new file using a MachineConfig 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047299 - nodeport not reachable port connection timeout 2050230 - Implement LIST call chunking in openshift-sdn 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2065166 - GCP - Less privileged service accounts are created with Service Account User role 2066388 - Wrong Error generates when https is missing in the value of regionEndpoint in configs.imageregistry.operator.openshift.io/cluster 2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles 2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud 2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode 2076619 - Could not create deployment with an unknown git repo and builder image build strategy 2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods) 2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk 2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller 2083087 - "Delete dependent objects of this resource" might cause confusions 2084452 - PodDisruptionBudgets help message should be semantic 2087043 - Cluster API components should use K8s 1.24 dependencies 2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, "ap-northeast-2 (South Korea (Seoul))" and "ap-southeast-7 (Thailand (Bangkok))" 2089093 - CVO hotloops on OperatorGroup due to the diff of "upgradeStrategy": string("Default") 2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator 2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload 2092567 - Network policy is not being applied as expected 2092811 - Datastore name is too long 2093339 - [rebase v1.24] Only known images used by tests 2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11 2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface 2100429 - [apiserver-auth] default SCC restricted allow volumes don't have "ephemeral" caused deployment with Generic Ephemeral Volumes stuck at Pending 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2104978 - MCD degrades are not overwrite-able by subsequent errors 2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu 2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again 2110982 - On GCP, need to check load balancer health check IPs required for restricted installation 2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true 2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs 2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button 2116686 - [capi] Cluster kind should be valid 2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking 2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning 2154196 - CVE-2022-23526 helm: Denial of service through schema file 2154202 - CVE-2022-23525 helm: Denial of service through through repository index file 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling 2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921) 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration 2182884 - CVE-2023-25809 runc: Rootless runc makes /sys/fs/cgroup writable 2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations 2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata 2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File 2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access

  1. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api OCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator OCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator OCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator OCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator OCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12 OCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED OCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions OCPBUGS-10220 - Newly provisioned machines unable to join cluster OCPBUGS-10221 - Risk cache warming takes too long on channel changes OCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry OCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering OCPBUGS-10249 - PollConsoleUpdates won't fire toast if one or more manifests errors when plugins change OCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration OCPBUGS-10271 - [4.13] Netflink overflow alert OCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror OCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS OCPBUGS-10291 - Broken link for Ansible tagging OCPBUGS-10298 - TenantID is ignored in some cases OCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml OCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod OCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly OCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap OCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump OCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire OCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines OCPBUGS-10404 - Workload annotation missing from deployments OCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json OCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied OCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing --authfile flag OCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly OCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels OCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI OCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. OCPBUGS-1048 - if tag categories don't exist, the installation will fail to bootstrap OCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error OCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials OCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata OCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint OCPBUGS-10597 - The agent-tui shows again during the installation OCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, "Observe - Alerting - Silences" page is pending OCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator OCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release OCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning OCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains OCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found OCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo OCPBUGS-10679 - Show type of sample on the samples view OCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy OCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector OCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. OCPBUGS-10710 - Metal virtual media job permafails during early bootstrap OCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3 OCPBUGS-10739 - [4.13] Bootimage bump tracker OCPBUGS-10744 - [4.13] EgressFirewall status disappeared OCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13 OCPBUGS-10771 - upgrade test failure with "Cluster operator control-plane-machine-set is not available" OCPBUGS-10773 - TestNewAppRun unit test failing OCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group OCPBUGS-10793 - Ignore device list missing in Node Exporter OCPBUGS-10796 - [4.13] Egress firewall is not retried on error OCPBUGS-10799 - Network policy perf improvements OCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall OCPBUGS-10811 - Missing vCenter build number in telemetry OCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable OCPBUGS-10826 - RHEL 9.2 doesn't contain the kernel-abi-whitelists package. OCPBUGS-10832 - Edit Deployment (and DC) form doesn't enable Save button when changing strategy type OCPBUGS-10833 - update the default pipelineRun template name OCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process OCPBUGS-10873 - OVN to OVN-H migration seems broken OCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced OCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image OCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly OCPBUGS-10892 - Passwords printed in log messages OCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag OCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records OCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. OCPBUGS-10907 - move to rhel9 in DTK for 4.13 OCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted OCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release OCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing OCPBUGS-10929 - Kube 1.26 for ovn-k OCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip OCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately OCPBUGS-10953 - ovnkube-node does not close up correctly OCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways OCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap OCPBUGS-10965 - The network-tools image stream is missing in the cluster samples OCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn't work in dualstack cluster OCPBUGS-10989 - Agent create sub-command is returning fatal error OCPBUGS-10990 - EgressIP doesn't work in GCP XPN cluster OCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group OCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder OCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update OCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before OCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating OCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours OCPBUGS-11040 - --container-runtime is being removed in k8s 1.27 OCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region OCPBUGS-11055 - APIServer service isn't selected correctly for PublicAndPrivate cluster when external-dns is not configured OCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted OCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI OCPBUGS-11107 - Alerts display incorrect source when adding external alert sources OCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel OCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8 OCPBUGS-11213 - BMH moves to deleting before all finalizers are processed OCPBUGS-11218 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository OCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules OCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes OCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page OCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert OCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial] OCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node OCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured OCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers OCPBUGS-11307 - Egress firewall node selector test missing OCPBUGS-11333 - startupProbe for UWM prometheus is still 15m OCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13 OCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13 OCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label OCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile OCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled OCPBUGS-11390 - Service Binding Operator installation fails: "A subscription for this operator already exists in namespace ..." OCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName OCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation "k8s.v1.cni.cncf.io/networks-status", should be "k8s.v1.cni.cncf.io/network-status" OCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN OCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades OCPBUGS-11460 - CPMS doesn't always generate configurations for AWS OCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address OCPBUGS-11469 - [release4.13] "exclude bundles with olm.deprecated property when rendering" not backport OCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount OCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF OCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART OCPBUGS-11506 - CPMS e2e periodics tests timeout failures OCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename OCPBUGS-11510 - Setting cpu-quota.crio.io to disable with crun causes container creation to fail OCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400 OCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap? OCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector OCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO OCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO OCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl OCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9 OCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift OCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART OCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92 OCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image OCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS OCPBUGS-11669 - Bump to kubernetes 1.26.3 OCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe OCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools OCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes OCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update OCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9 OCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default OCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script OCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART OCPBUGS-11789 - [4.13] Bootimage bump tracker OCPBUGS-11799 - [4.13] Bootimage bump tracker OCPBUGS-11823 - [Reliability]kube-apiserver's memory usage keep increasing to max 3GB in 7 days OCPBUGS-11848 - PtpOperatorsConfig not applying correctly OCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted OCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially OCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop OCPBUGS-11908 - Got the file exists error when different digest direct to the same tag OCPBUGS-11917 - the warn message won't disappear in co/node-tuning when scale down machineset OCPBUGS-11919 - Console metrics could have a high cardinality (4.13) OCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks OCPBUGS-11955 - NTP config not applied OCPBUGS-11968 - Instance shouldn't be moved back from f to a OCPBUGS-11985 - [4.13] Ironic inspector service should be proxied OCPBUGS-12172 - Users don't know what type of resource is being created by Import from Git or Deploy Image flows OCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2 OCPBUGS-12186 - Pipeline doesn't render correctly when displayed but looks fine in edit mode OCPBUGS-12198 - create hosted cluster failed with aws s3 access issue OCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack OCPBUGS-12225 - Add new OCP 4.13 storage admission plugin OCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid OCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator OCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests OCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected OCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set OCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time OCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named OCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores OCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config OCPBUGS-12698 - redfish-virtualmedia mount not working OCPBUGS-12703 - redfish-virtualmedia mount not working OCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host OCPBUGS-1272 - "opm alpha render-veneer basic" doesn't support pipe stdin OCPBUGS-12737 - Multus admission controller must have "hypershift.openshift.io/release-image" annotation when CNO is managed by Hypershift OCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA OCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting OCPBUGS-12854 - cluster-reader role cannot access "k8s.ovn.org" API Group resources OCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack OCPBUGS-12865 - Kubernetes-NMState CI is perma-failing OCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode OCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN OCPBUGS-12999 - Backport owners through 4.13, 4.12 OCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-13057 - ppc64le releases don't install because ovs fails to start (invalid permissions) OCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency] OCPBUGS-13071 - CI fails on TestClientTLS OCPBUGS-13072 - Capture tests don't work in OVNK OCPBUGS-13076 - Load balancers/ Ingress controller removal race condition OCPBUGS-13157 - CI fails on TestRouterCompressionOperation OCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies OCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up OCPBUGS-1352 - OVN silently failing in case of a stuck pod OCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices OCPBUGS-1428 - service account token secret reference OCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns OCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12 OCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric OCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused OCPBUGS-1486 - Avoid re-metric'ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election OCPBUGS-1557 - Default to floating automaticRestart for new GCP instances OCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config OCPBUGS-1565 - Possible split brain with keepalived unicast OCPBUGS-1566 - Automation Offline CPUs Test cases OCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces OCPBUGS-1604 - Common resources out-of-date when using multicluster switcher OCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters OCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain OCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration OCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain OCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created OCPBUGS-166 - 4.11 SNOs fail to complete install because of "failed to get pod annotation: timed out waiting for annotations: context deadline exceeded" OCPBUGS-1665 - Scorecard failed because of the request of PodSecurity OCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided OCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed OCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and "NodePortService" endpoint publishing strategy OCPBUGS-1741 - Can't load additional Alertmanager templates with latest 4.12 OpenShift OCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace OCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly OCPBUGS-1769 - gracefully fail when iam:GetRole is denied OCPBUGS-1778 - Can't install clusters with schedulable masters OCPBUGS-1791 - Wait-for install-complete did not exit upon completion. OCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn't list multiple datacenters when specified OCPBUGS-1807 - Ingress Operator startup bad log message formatting OCPBUGS-1844 - Ironic dnsmasq doesn't include existing DNS settings during iPXE boot OCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn't land on correct URL OCPBUGS-186 - PipelineRun task status overlaps status text OCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node OCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator OCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it OCPBUGS-2088 - User can set rendezvous host to be a worker OCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8 OCPBUGS-2145 - 'maxUnavailable' and 'minAvailable' on PDB creation page - i18n misses OCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled OCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error "alicloud: unable to split instanceid and region from providerID" OCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts OCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can't be changed by typing in it. OCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week OCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by 'publish: Internal' failed due to 'dns_public_record' OCPBUGS-2440 - unknown field logs in prometheus-operator OCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails OCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode OCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering OCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for "registry.ci.openshift.org" OCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests OCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed OCPBUGS-2551 - "Error loading" when normal user check operands on All namespaces OCPBUGS-2569 - ovn-k network policy races OCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization OCPBUGS-266 - Project Access tab cannot differentiate between users and groups OCPBUGS-2666 - create a project link not backed by RBAC check OCPBUGS-272 - Getting duplicate word "find" when kube-apiserver degraded=true if webhook matches a virtual resource OCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates OCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster OCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. OCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z] OCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page OCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods OCPBUGS-2841 - Need validation rule for supported arch OCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update OCPBUGS-2847 - GCP XPN should only be available with Tech Preview OCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror OCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded OCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster OCPBUGS-2873 - Prometheus doesn't reload TLS certificate and key files on disk OCPBUGS-2886 - The LoadBalaner section shouldn't be set when using Kuryr on cloud-provider OCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener OCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters OCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled OCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints OCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop OCPBUGS-2922 - 'Status' column sorting doesn't work as expected OCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args OCPBUGS-2934 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node OCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses OCPBUGS-2946 - [AWS] curl network Loadbalancer always get "Connection time out" OCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range OCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10" OCPBUGS-2991 - CI jobs are failing with: admission webhook "validation.csi.vsphere.vmware.com" denied the request OCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations OCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing OCPBUGS-2996 - [4.13] Bootimage bump tracker OCPBUGS-3018 - panic in WaitForBootstrapComplete OCPBUGS-3021 - GCP: missing me-west1 region OCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer OCPBUGS-3027 - Metrics are not available when running console in development mode OCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup OCPBUGS-3033 - Clicking the logo in the masthead goes to /dashboards, even if metrics are disabled OCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters OCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn't take effect. OCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed OCPBUGS-3079 - RPS hook only sets the first queue, but there are now many OCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
OCPBUGS-3093 - The control plane should tag AWS security groups at creation OCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked OCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being OCPBUGS-3114 - CNO reporting incorrect status OCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions OCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog OCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12] OCPBUGS-3172 - Console shouldn't try to install dynamic plugins if permissions aren't available OCPBUGS-3180 - Regression in ptp-operator conformance tests OCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install OCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails OCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm OCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster OCPBUGS-3207 - SCOS build fails due to pinned kernel OCPBUGS-3214 - Installer does not always add router CA to kubeconfig OCPBUGS-3228 - Broken secret created while starting a Pipeline OCPBUGS-3235 - Topology gets stuck loading OCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update OCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4] OCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands OCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up OCPBUGS-3275 - No-op: Unable to retrieve machine from node "xxx": expecting one machine for node xxx got: [] OCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service OCPBUGS-3278 - Shouldn't need to put host data in platform baremetal section in installconfig OCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation OCPBUGS-3283 - remove unnecessary RBAC in KCM OCPBUGS-3292 - DaemonSet "/openshift-network-diagnostics/network-check-target" is not available OCPBUGS-3314 - 'gitlab.secretReference' disappears when the buildconfig is edited on ?From View? OCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list OCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset OCPBUGS-3331 - Update dependencies in CMO release 4.13 OCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model OCPBUGS-3337 - revert "force cert rotation every couple days for development" in 4.12 OCPBUGS-3338 - Environment cannot find Python OCPBUGS-3358 - Revert BUILD-407 OCPBUGS-3372 - error message is too generic when creating a silence with end time before start OCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page OCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths OCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments OCPBUGS-3382 - Unable to configure cluster-wide proxy OCPBUGS-3391 - seccomp profile unshare.json missing from nodes OCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. OCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work OCPBUGS-3414 - Missing 'ImageContentSourcePolicy' and 'CatalogSource' in the oci fbc feature implementation OCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without "CSISnapshot" capability OCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests OCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster OCPBUGS-3440 - Authentication operator doesn't respond to console being enabled OCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console OCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters OCPBUGS-3456 - track rhcos-4.12 branch for fedora-coreos-config submodule OCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages OCPBUGS-3465 - IBM operator needs deployment manifest fixes OCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components OCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page OCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling OCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior OCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior OCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation OCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady OCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure OCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin OCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working OCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1 OCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags OCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances OCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS OCPBUGS-3662 - don't enforce PSa in 4.12 OCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down OCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI OCPBUGS-3676 - After node's reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod OCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency OCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form OCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions OCPBUGS-3714 - 'oc adm upgrade ...' should expose ClusterVersion Failing=True OCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated OCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin OCPBUGS-3755 - Create Alertmanager silence form does not explain the new "Negative matcher" option OCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod OCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image OCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy OCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed OCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues OCPBUGS-3797 - [4.13] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs." OCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger "Delete CSV" OCPBUGS-3827 - CCM not able to remove a LB in ERROR state OCPBUGS-3877 - RouteTargetReference missing default for "weight" in Route CRD v1 schema OCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator OCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly OCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states OCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP OCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true OCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready OCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set OCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory OCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected OCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later OCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13 OCPBUGS-3931 - When all extensions are installed, "libkadm5" rpm package is duplicated in the rpm -q command OCPBUGS-3933 - Fails to deprovision cluster when swift omits 'content-type' OCPBUGS-3945 - Handle 0600 kubeconfig OCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load OCPBUGS-3960 - Use kernel-rt from ose repo OCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce OCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. OCPBUGS-3974 - CIRO panics when suspended flag is nil OCPBUGS-3975 - "Failed to open directory, disabling udev device properties" in node-exporter logs OCPBUGS-3978 - AWS EBS CSI driver operator is degraded without "CSISnapshot" capability OCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets OCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml OCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass OCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks OCPBUGS-4000 - fix operator naming convention OCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated OCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu OCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed OCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret OCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one OCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy OCPBUGS-4054 - cluster-ingress-operator's configurable-route controller's startup is noisy OCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic OCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend OCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting OCPBUGS-4110 - Form footer buttons are misaligned in web terminal form OCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes OCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay OCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change OCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured OCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token OCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal OCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text OCPBUGS-4207 - Remove debug level logging on openshift-config-operator OCPBUGS-4219 - Add runbook link to PrometheusRuleFailures OCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450 OCPBUGS-4232 - CNCC: Wrong log format for Azure locking OCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface OCPBUGS-4252 - Node Terminal tab results in error OCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather OCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues OCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues OCPBUGS-4280 - Return 0 when oc import-image failed OCPBUGS-4282 - [IR-269]Can't pull sub-manifest image using imagestream of manifest list OCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. OCPBUGS-4293 - Specify resources.requests for operator pod OCPBUGS-4298 - Specify resources.requests for operator pod OCPBUGS-4302 - Specify resources.requests for operator pod OCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3 OCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size OCPBUGS-4328 - Update installer images to be consistent with ART OCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state OCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13 OCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars OCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely OCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console OCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2 OCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full OCPBUGS-4367 - Debug log messages missing from output and Info messages malformed OCPBUGS-4377 - Service name search ability while creating the Route from console OCPBUGS-4401 - limit cluster-policy-controller RBAC permissions OCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network OCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not OCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode OCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator OCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing OCPBUGS-4483 - apply retry logic to ovnk-node controllers OCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig OCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig OCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia OCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout OCPBUGS-4516 - oc-mirror does not work as expected relative path for OCI format copy OCPBUGS-4517 - Better to detail the --command-os of mac for oc adm release extract command OCPBUGS-4521 - all kubelet targets are down after a few hours OCPBUGS-4524 - Hold lock when deleting completed pod during update event OCPBUGS-4525 - Don't log in iterateRetryResources when there are no retry entries OCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test OCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region OCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region OCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region OCPBUGS-4541 - Azure: remove deprecated ADAL OCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4] OCPBUGS-4549 - Azure: replace deprecated AD Graph API OCPBUGS-4550 - [CI] console-operator produces more watch requests than expected OCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to "A specific namespace on the cluster" OCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP OCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN OCPBUGS-4630 - Bump documentationBaseURL to 4.13 OCPBUGS-4635 - [OCP 4.13] ironic container images have old packages OCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO OCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0 OCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO OCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update OCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync OCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17 OCPBUGS-4691 - Topology sidebar actions doesn't show the latest resource data OCPBUGS-4692 - PTP operator: Use priority class node critical OCPBUGS-4700 - read-only update UX: confusing "Update blocked" pop-up OCPBUGS-4701 - read-only update UX: confusing "Control plane is hosted" banner OCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds OCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged OCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation OCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire OCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS OCPBUGS-4756 - OLM generates invalid component selector labels OCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM) OCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace) OCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider 'ec2' OCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19 OCPBUGS-4781 - Get Helm Release seems to be using List Releases api OCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference OCPBUGS-4802 - Update formatting with gofmt for go1.19 OCPBUGS-4825 - Pods completed + deleted may leak OCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1 OCPBUGS-4873 - openshift-marketplace namespace missing "audit-version" and "warn-version" PSA label OCPBUGS-4874 - Baremetal host data is still sometimes required OCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type OCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service OCPBUGS-4899 - coreos-installer output not available in the logs OCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters OCPBUGS-4906 - Cross-namespace template processing is not being tested OCPBUGS-4909 - Can't reach own service when egress netpol are enabled OCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP OCPBUGS-4941 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containers OCPBUGS-4950 - OLM K8s Dependencies should be at 1.25 OCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup OCPBUGS-4955 - Bundle Unpacker Using "Always" ImagePullPolicy for digests OCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered OCPBUGS-4975 - Missing translation in ceph storage plugin OCPBUGS-4986 - precondition: Do not claim warnings would have blocked OCPBUGS-4997 - Agent ISO does not respect proxy settings OCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI OCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver OCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather OCPBUGS-5016 - Editing Pipeline in the ocp console to get information error OCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. OCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors OCPBUGS-5045 - unit test data race with egress ip tests OCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used OCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. OCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout OCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource OCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn't be allowed OCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks OCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance OCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12 OCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command" OCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s OCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install OCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing OCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX OCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5 OCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family OCPBUGS-5188 - Wrong message in MCCDrainError alert OCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets OCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure OCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal OCPBUGS-5275 - remove unnecessary RBAC in OCM OCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail OCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13] OCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level OCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network OCPBUGS-5346 - Reported vSphere Connection status is misleading OCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled OCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard OCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn't restore its snapshot successfully OCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire OCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions OCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13 OCPBUGS-5458 - wal: max entry size limit exceeded OCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch OCPBUGS-5466 - Default CatalogSource aren't always reverted to default settings OCPBUGS-5492 - CI "[Feature:bond] should create a pod with bond interface" fail for MTU migration jobs OCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes OCPBUGS-5498 - Host inventory quick start for OCP OCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism OCPBUGS-5508 - Report topology usage in vSphere environment via telemetry OCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible OCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures OCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write OCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests OCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash OCPBUGS-5540 - Typo in WTO for Milliseconds OCPBUGS-5542 - Project dropdown order is not as smart as project list page order OCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec OCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted OCPBUGS-5559 - add default noProxy config for Azure OCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page OCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public OCPBUGS-5736 - The main section of the page will keep loading after normal user login OCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled OCPBUGS-5802 - update sprig to v3 in cno OCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary OCPBUGS-5842 - executes /host/usr/bin/oc OCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand OCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing "etcd Object Count" dashboard to only show OpenShift resources OCPBUGS-5888 - Failed to install 4.13 ocp on SNO with "error during syncRequiredMachineConfigPools" OCPBUGS-5891 - oc-mirror heads-only does not work with target name OCPBUGS-5903 - gather default ingress controller definition OCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout OCPBUGS-5939 - revert "force cert rotation every couple days for development" in 4.13 OCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource OCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope OCPBUGS-5959 - [4.13] Bootimage bump tracker OCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly OCPBUGS-5991 - Kube APIServer panics in admission controller OCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered OCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10" OCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled OCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades OCPBUGS-6026 - cannot change /etc folder ownership inside pod OCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image OCPBUGS-6049 - Do not show UpdateInProgress when status is Failing OCPBUGS-6053 - availableUpdates: null results in run-time error on Cluster Settings page OCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41 OCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI OCPBUGS-6089 - Unnecessary event reprocessing OCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection OCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly OCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider OCPBUGS-6101 - Daemonset is not upgraded after operator upgrade OCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack OCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART OCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART OCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART OCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART OCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART OCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART OCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART OCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART OCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART OCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART OCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART OCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART OCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART OCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART OCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART OCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART OCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART OCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART OCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART OCPBUGS-6262 - Add more logs to "oc extract" in mco-first boot service OCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease OCPBUGS-6270 - Irrelevant vsphere platform data is required OCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace OCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted OCPBUGS-6486 - Image upload fails when installing cluster OCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade OCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff OCPBUGS-6507 - Don't retry network policy peer pods if ips couldn't be fetched OCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed OCPBUGS-6610 - Developer - Topology : 'Filter by resource' drop-down i18n misses OCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region OCPBUGS-6624 - Issue deploying the master node with IPI OCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds OCPBUGS-6646 - Ingress node firewall CI is broken with latest OCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses OCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy OCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox OCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined OCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent OCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator's ensureNodePortService OCPBUGS-6700 - Cluster-ingress-operator's updateIngressClass function logs success message when error OCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup OCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46 OCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes OCPBUGS-6722 - s390x: failed to generate asset "Image": multiple "disk" artifacts found OCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer OCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated OCPBUGS-6741 - opm fails to serve FBC if cachedir not provided OCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column OCPBUGS-6760 - Couldn't update/delete cpms on gcp private cluster OCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page OCPBUGS-6765 - "Delete dependent objects of this resource" might cause confusions OCPBUGS-6777 - [gcp][CORS-1988] "create manifests" without an existing "install-config.yaml" missing 4 YAML files in "/openshift" which leads to "create cluster" failure OCPBUGS-6781 - gather Machine objects OCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop OCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun OCPBUGS-6809 - Uploading large layers fails with "blob upload invalid" OCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-6821 - Update NTO images to be consistent with ART OCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics OCPBUGS-6893 - Dev console doesn't finish loading for users with limited access OCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail OCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService OCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch OCPBUGS-6945 - OS Release reports incorrect version ID OCPBUGS-6953 - ovnkube-master panic nil deref OCPBUGS-6955 - panic in an ovnkube-master pod OCPBUGS-6962 - 'agent_installer' invoker not showing up in telemetry OCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs OCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1 OCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed OCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed OCPBUGS-7031 - Pipelines repository list and creation form doesn't show Tech Preview status OCPBUGS-7090 - Add to navigation button in search result does nothing OCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation OCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info OCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves OCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly OCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage OCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails OCPBUGS-7180 - [4.13] Bootimage bump tracker OCPBUGS-7186 - [gcp][CORS-2424] with "secureBoot" enabled, after deleting control-plane machine, the new machine is created with "enableSecureBoot" being False unexpectedly OCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error OCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page OCPBUGS-7204 - Manifests generated to multiple "results-xxx" folders when using the oci feature with OCI and nonOCI catalogs OCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress OCPBUGS-723 - ClusterResourceQuota values are not reflecting. OCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs OCPBUGS-7284 - Hypershift failing new SCC conformance tests OCPBUGS-7291 - ptp keeps trying to start phc2sys even if it's configured as empty string in phc2sysOpts OCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms) OCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured OCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13] OCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error OCPBUGS-7354 - Installation failed on Azure SDN as network is degraded OCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13 OCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend OCPBUGS-736 - Kuryr uses default MTU for service network OCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc OCPBUGS-7372 - fail early on missing node status envs OCPBUGS-7374 - set default timeouts in etcdcli OCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication OCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore OCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito OCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds OCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds OCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form OCPBUGS-7419 - CVO delay when setting clusterversion available status to true
OCPBUGS-7421 - Missing i18n key for PAC section in Git import form OCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1 OCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time OCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly OCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere OCPBUGS-7483 - Hypershift installs on "platform: none" are broken OCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged OCPBUGS-7495 - Platform type is ignored OCPBUGS-7517 - Helm page crashes on old releases with a new Secret OCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal OCPBUGS-7523 - Add new AWS regions for ROSA OCPBUGS-7542 - Bump router to k8s APIs v0.26.1 OCPBUGS-7555 - Enable default sysctls for kubelet OCPBUGS-7558 - Rebase coredns to 1.10.1 OCPBUGS-7563 - vSphere install can't complete with out-of-tree CCM OCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse OCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected OCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal) OCPBUGS-7617 - Azure Disk volume is taking time to attach/detach OCPBUGS-7622 - vSphere UPI jobs failing with 'Managed cluster should have machine resources' OCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1 OCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4 OCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true OCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2 OCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig OCPBUGS-7729 - Remove ETCD liviness probe. OCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped OCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2 OCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config OCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon OCPBUGS-7754 - ART having trouble building olm images OCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable OCPBUGS-7785 - migrate to using Lease for leader election OCPBUGS-7806 - add "nfs-export" under PV details page OCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file OCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP OCPBUGS-7833 - Storage tests failing in no-capabilities job OCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure OCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json OCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work OCPBUGS-7879 - Devfile isn't be processed correctly on 'Add from git repo' OCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI OCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC OCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated OCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context OCPBUGS-794 - OLM version rule is not clear OCPBUGS-7940 - apiserver panics in admission controller OCPBUGS-7943 - AzureFile CSI driver does not compile with cachito OCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by OCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source OCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed OCPBUGS-8086 - Visual issues with listing items OCPBUGS-8243 - [release 4.13] Gather Monitoring pods' Persistent Volumes OCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2 OCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO OCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies OCPBUGS-8341 - Unable to set capabilities with agent installer based installation OCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing OCPBUGS-8353 - PXE support is incomplete OCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint OCPBUGS-8401 - Bump openshift/origin to kube 1.26.2 OCPBUGS-8424 - ControlPlaneMachineSet: Machine's Node should be Ready to consider the Machine Ready OCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig OCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview OCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names OCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job OCPBUGS-8481 - CAPI rebases 4.13 backports OCPBUGS-8490 - agent-tui: display additional checks only when primary check fails OCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets OCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart OCPBUGS-8511 - [4.13+ ONLY] Don't use port 80 in bootstrap IPI bare metal OCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded OCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local OCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names OCPBUGS-8699 - Metal IPI Install Rate Below 90% OCPBUGS-8701 - oc patch project not working with OCP 4.12 OCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth OCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2 OCPBUGS-8710 - [4.13] don't enforce PSa in 4.13 OCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator OCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view OCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10 OCPBUGS-8742 - Origin tests should not specify readyz as the health check path OCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks OCPBUGS-8941 - Introduce tooltips for contextual information OCPBUGS-904 - Alerts from MCO are missing namespace OCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don't seem to reach the pods OCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length OCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change OCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer OCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases OCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs OCPBUGS-9338 - editor toggle radio input doesn't have distinguishable attributes OCPBUGS-9389 - Detach code in vsphere csi driver is failing OCPBUGS-948 - OLM sets invalid SCC label on its namespaces OCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin OCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview OCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag OCPBUGS-9926 - Enable node healthz server for ovnk in CNO OCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates OCPBUGS-9957 - Garbage collect grafana-dashboard-etcd OCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index OCPBUGS-9963 - Better to change the error information more clearly to help understand OCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator

  1. References:

https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-20329 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2990 https://access.redhat.com/security/cve/CVE-2022-3080 https://access.redhat.com/security/cve/CVE-2022-3259 https://access.redhat.com/security/cve/CVE-2022-4203 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-23525 https://access.redhat.com/security/cve/CVE-2022-23526 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-38023 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41721 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 https://access.redhat.com/security/cve/CVE-2022-46146 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0056 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0216 https://access.redhat.com/security/cve/CVE-2023-0217 https://access.redhat.com/security/cve/CVE-2023-0229 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0401 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-0778 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25165 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-25577 https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/cve/CVE-2023-25809 https://access.redhat.com/security/cve/CVE-2023-27561 https://access.redhat.com/security/cve/CVE-2023-28642 https://access.redhat.com/security/cve/CVE-2023-30570 https://access.redhat.com/security/cve/CVE-2023-30841 https://access.redhat.com/security/updates/classification/#important https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ IT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC LpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb dYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy tnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc PSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK o1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T cTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy 4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8 TMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ 8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H XbiJN3SZj5U= =WGO2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/

Security fix(es) * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability * CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

  1. Bugs fixed (https://bugzilla.redhat.com/):

2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - noarch Red Hat Enterprise Linux CRB (v. 9) - aarch64, noarch, x86_64

  1. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

  • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

  • edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578)

  • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

  • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)

  • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1960321 - CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation 1983086 - Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status) 2125336 - Please add edk2-aarch64 and edk2-tools to CRB in RHEL 9 2132951 - edk2: Sort traditional virtualization builds before Confidential Computing builds 2157656 - [edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares 2162307 - Broken GRUB output on a serial console 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 2168046 - [edk2] BIOS Release Date string is unexpected length 2174605 - [EDK2] disable dynamic mmio window

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source: edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm

noarch: edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm

Red Hat Enterprise Linux CRB (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

  1. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/):

JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2

  1. Bugs fixed (https://bugzilla.redhat.com/):

2139896 - Requested TSC frequency outside tolerance range & TSC scaling not supported 2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect 2148383 - Migration metrics values are not sum up values from all VMIs 2149409 - HPP mounter deployment can't mount as unprivileged 2168489 - Overview -> Migrations - The ?Bandwidth consumption? Graph display with wrong values 2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider 2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work

5

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0195",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus primary server base",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.3.16"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1t"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.8"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.4.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.6.3"
      },
      {
        "model": "jp1/navigation platform for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u5f97\u9078\u8857\u30fbgcb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "iot \u5171\u901a\u57fa\u76e4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/data highway - server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - smart device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - definitions assistant",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "vran",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "esmpro/serveragent",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ix \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "neoface monitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "spoolserver/reportfiling",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/navigation platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec enhanced speech analysis",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/file transmission server/ftp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/data highway - server starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.8",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.1t",
                "versionStartIncluding": "1.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.3",
                "versionStartIncluding": "4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.16",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-4450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-4450",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-4450",
            "trust": 1.8,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. \nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack. \n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected. \n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0. \n\nThe OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 4.13.0 security update\nAdvisory ID:       RHSA-2023:1326-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:1326\nIssue date:        2023-05-17\nCVE Names:         CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 \n                   CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 \n                   CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 \n                   CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 \n                   CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 \n                   CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 \n                   CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 \n                   CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 \n                   CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 \n                   CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 \n                   CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 \n                   CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 \n                   CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 \n                   CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 \n                   CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 \n                   CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 \n                   CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 \n                   CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 \n                   CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 \n                   CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 \n                   CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 \n                   CVE-2023-30570 CVE-2023-30841 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.13.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:1325\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* mongo-go-driver: specific cstrings input may not be properly validated\n(CVE-2021-20329)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* helm: Denial of service through through repository index file\n(CVE-2022-23525)\n\n* helm: Denial of service through schema file (CVE-2022-23526)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2\nrequests (CVE-2022-41717)\n\n* x/net/http2/h2c: request smuggling (CVE-2022-41721)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK\ndecoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics\n(CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive\nresource consumption (CVE-2022-41725)\n\n* exporter-toolkit: authentication bypass via cache poisoning\n(CVE-2022-46146)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL\nInjection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize\nAccess to Issuer Metadata (CVE-2023-0665)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n(CVE-2023-25000)\n\n* helm: getHostByName Function Information Disclosure (CVE-2023-25165)\n\n* containerd: Supplementary groups are not set up properly (CVE-2023-25173)\n\n* runc: volume mount race condition (regression of CVE-2019-19921)\n(CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is\nsymlinked with a specific mount configuration (CVE-2023-28642)\n\n* baremetal-operator: plain-text username and hashed password readable by\nanyone having a cluster-wide read-access (CVE-2023-30841)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags\n\nThe sha values for the release are:\n\n(For x86_64 architecture)\nThe image digest is\nsha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711\n\n(For s390x architecture)\nThe image digest is\nsha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79\n\n(For ppc64le architecture)\nThe image digest is\nsha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8\n\n(For aarch64 architecture)\nThe image digest is\nsha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]\n1853264 - Metrics produce high unbound cardinality\n1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot\n1904573 - OpenShift: containers modify /etc/passwd group writable\n1943194 - when using gpus, more nodes than needed are created by the node autoscaler\n1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated\n1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated\n2005232 - Pods list page should only show Create Pod button to user has sufficient permission\n2016006 - Repositories list does not show the running pipelinerun as last pipelinerun\n2027000 - The user is ignored when we create a new file using a MachineConfig\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047299 - nodeport not reachable port connection timeout\n2050230 - Implement LIST call chunking in openshift-sdn\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2065166 - GCP - Less privileged service accounts are created with Service Account User role\n2066388 - Wrong Error generates when https is missing in the value of `regionEndpoint`   in `configs.imageregistry.operator.openshift.io/cluster`\n2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud\n2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode\n2076619 - Could not create deployment with an unknown git repo and builder image build strategy\n2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)\n2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk\n2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller\n2083087 - \"Delete dependent objects of this resource\" might cause confusions\n2084452 - PodDisruptionBudgets help message should be semantic\n2087043 - Cluster API components should use K8s 1.24 dependencies\n2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, \"ap-northeast-2 (South Korea (Seoul))\" and \"ap-southeast-7 (Thailand (Bangkok))\"\n2089093 - CVO hotloops on OperatorGroup due to the diff of \"upgradeStrategy\":  string(\"Default\")\n2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator\n2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload\n2092567 - Network policy is not being applied as expected\n2092811 - Datastore name is too long\n2093339 - [rebase v1.24]  Only known images used by tests\n2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11\n2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface\n2100429 - [apiserver-auth] default SCC restricted allow volumes don\u0027t have \"ephemeral\" caused deployment with Generic Ephemeral Volumes stuck at Pending\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2104978 - MCD degrades are not overwrite-able by subsequent errors\n2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu\n2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again\n2110982 - On GCP, need to check load balancer health check IPs  required for restricted installation\n2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true\n2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs\n2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button\n2116686 - [capi] Cluster kind should be valid\n2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted\n2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking\n2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning\n2154196 - CVE-2022-23526 helm: Denial of service through schema file\n2154202 - CVE-2022-23525 helm: Denial of service through through repository index file\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests\n2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling\n2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration\n2182884 - CVE-2023-25809 runc: Rootless runc makes `/sys/fs/cgroup` writable\n2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata\n2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File\n2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api\nOCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator\nOCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator\nOCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator\nOCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator\nOCPBUGS-10047 - oc-mirror  print log: unable to parse reference oci://mno/redhat-operator-index:v4.12\nOCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED\nOCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions\nOCPBUGS-10220 - Newly provisioned machines unable to join cluster\nOCPBUGS-10221 - Risk cache warming takes too long on channel changes\nOCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry\nOCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering\nOCPBUGS-10249 - PollConsoleUpdates won\u0027t fire toast if one or more manifests errors when plugins change\nOCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration\nOCPBUGS-10271 - [4.13] Netflink overflow alert\nOCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror\nOCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS\nOCPBUGS-10291 - Broken link for Ansible tagging\nOCPBUGS-10298 - TenantID is ignored in some cases\nOCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml\nOCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod\nOCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly\nOCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap\nOCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump\nOCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire\nOCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines\nOCPBUGS-10404 - Workload annotation missing from deployments\nOCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json\nOCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied \nOCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing `--authfile` flag\nOCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly\nOCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels\nOCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI\nOCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. \nOCPBUGS-1048 - if tag categories don\u0027t exist, the installation will fail to bootstrap\nOCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error\nOCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials\nOCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata \nOCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-10597 - The agent-tui shows again during the installation\nOCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, \"Observe - Alerting - Silences\" page is pending\nOCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\nOCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release\nOCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning\nOCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains\nOCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found\nOCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo\nOCPBUGS-10679 - Show type of sample on the samples view\nOCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy\nOCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector\nOCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. \nOCPBUGS-10710 - Metal virtual media job permafails during early bootstrap\nOCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3\nOCPBUGS-10739 - [4.13] Bootimage bump tracker\nOCPBUGS-10744 - [4.13] EgressFirewall status disappeared \nOCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13\nOCPBUGS-10771 - upgrade test failure with \"Cluster operator control-plane-machine-set is not available\"\nOCPBUGS-10773 - TestNewAppRun unit test failing\nOCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group\nOCPBUGS-10793 - Ignore device list missing in Node Exporter \nOCPBUGS-10796 - [4.13] Egress firewall is not retried on error\nOCPBUGS-10799 - Network policy perf improvements\nOCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall\nOCPBUGS-10811 - Missing vCenter build number in telemetry\nOCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable\nOCPBUGS-10826 - RHEL 9.2 doesn\u0027t contain the `kernel-abi-whitelists` package. \nOCPBUGS-10832 - Edit Deployment (and DC) form doesn\u0027t enable Save button when changing strategy type\nOCPBUGS-10833 - update the default pipelineRun template name\nOCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process\nOCPBUGS-10873 - OVN to OVN-H migration seems broken\nOCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced\nOCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image\nOCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly\nOCPBUGS-10892 - Passwords printed in log messages\nOCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records\nOCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. \nOCPBUGS-10907 - move to rhel9 in DTK for 4.13\nOCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted\nOCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release\nOCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing \nOCPBUGS-10929 - Kube 1.26 for ovn-k\nOCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip\nOCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature  flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately\nOCPBUGS-10953 - ovnkube-node does not close up correctly\nOCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways\nOCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap\nOCPBUGS-10965 - The network-tools image stream is missing in the cluster samples\nOCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn\u0027t work in dualstack cluster\nOCPBUGS-10989 - Agent create sub-command is returning fatal error\nOCPBUGS-10990 - EgressIP doesn\u0027t work in GCP XPN cluster\nOCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group\nOCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder\nOCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update\nOCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before\nOCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating\nOCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours\nOCPBUGS-11040 - --container-runtime is being removed in k8s 1.27\nOCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region\nOCPBUGS-11055 - APIServer service isn\u0027t selected correctly for PublicAndPrivate cluster when external-dns is not configured\nOCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted\nOCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI\nOCPBUGS-11107 - Alerts display incorrect source when adding external alert sources\nOCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel\nOCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8\nOCPBUGS-11213 - BMH moves to deleting before all finalizers are processed\nOCPBUGS-11218 - \"pipelines-as-code-pipelinerun-go\" configMap is not been used for the Go repository \nOCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules\nOCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes\nOCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page \nOCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert\nOCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]\nOCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node\nOCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured\nOCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers \nOCPBUGS-11307 - Egress firewall node selector test missing\nOCPBUGS-11333 - startupProbe for UWM prometheus is still 15m\nOCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label\nOCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile \nOCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled\nOCPBUGS-11390 - Service Binding Operator installation fails: \"A subscription for this operator already exists in namespace ...\"\nOCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName\nOCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation \"k8s.v1.cni.cncf.io/networks-status\", should be \"k8s.v1.cni.cncf.io/network-status\"\nOCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN\nOCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades\nOCPBUGS-11460 - CPMS doesn\u0027t always generate configurations for AWS\nOCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address\nOCPBUGS-11469 - [release4.13] \"exclude bundles with `olm.deprecated` property when rendering\" not backport\nOCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount\nOCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF\nOCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART\nOCPBUGS-11506 - CPMS e2e periodics tests timeout failures\nOCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename\nOCPBUGS-11510 - Setting cpu-quota.crio.io to `disable` with crun causes container creation to fail\nOCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400\nOCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?\nOCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector\nOCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl\nOCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9\nOCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift\nOCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART\nOCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92\nOCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image\nOCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS\nOCPBUGS-11669 - Bump to kubernetes 1.26.3\nOCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe\nOCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools\nOCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes\nOCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update\nOCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9\nOCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default\nOCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script\nOCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART\nOCPBUGS-11789 - [4.13] Bootimage bump tracker\nOCPBUGS-11799 - [4.13] Bootimage bump tracker\nOCPBUGS-11823 - [Reliability]kube-apiserver\u0027s memory usage keep increasing to max 3GB in 7 days\nOCPBUGS-11848 - PtpOperatorsConfig not applying correctly\nOCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted\nOCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially\nOCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop\nOCPBUGS-11908 - Got the `file exists` error when different digest direct to the same tag\nOCPBUGS-11917 - the warn message won\u0027t disappear in co/node-tuning when scale down machineset\nOCPBUGS-11919 - Console metrics could have a high cardinality (4.13)\nOCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-11955 - NTP config not applied\nOCPBUGS-11968 - Instance shouldn\u0027t be moved back from f to a\nOCPBUGS-11985 - [4.13] Ironic inspector service should be proxied\nOCPBUGS-12172 - Users don\u0027t know what type of resource is being created by Import from Git or Deploy Image flows\nOCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2\nOCPBUGS-12186 - Pipeline doesn\u0027t render correctly when displayed but looks fine in edit mode\nOCPBUGS-12198 - create hosted cluster failed with aws s3 access issue\nOCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack\nOCPBUGS-12225 - Add new OCP 4.13 storage admission plugin\nOCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid\nOCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator\nOCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests\nOCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected\nOCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set\nOCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time\nOCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named\nOCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores\nOCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config\nOCPBUGS-12698 - redfish-virtualmedia mount not working \nOCPBUGS-12703 - redfish-virtualmedia mount not working \nOCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host\nOCPBUGS-1272 - \"opm alpha render-veneer basic\" doesn\u0027t support pipe stdin\nOCPBUGS-12737 - Multus admission controller must have \"hypershift.openshift.io/release-image\" annotation when CNO is managed by Hypershift\nOCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA\nOCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting\nOCPBUGS-12854 - `cluster-reader` role cannot access \"k8s.ovn.org\" API Group resources\nOCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack\nOCPBUGS-12865 - Kubernetes-NMState CI is perma-failing\nOCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode\nOCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN\nOCPBUGS-12999 - Backport owners through 4.13, 4.12\nOCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-13057 - ppc64le releases don\u0027t install because ovs fails to start (invalid permissions)\nOCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]\nOCPBUGS-13071 - CI fails on TestClientTLS\nOCPBUGS-13072 - Capture tests don\u0027t work in OVNK\nOCPBUGS-13076 - Load balancers/ Ingress controller removal race condition\nOCPBUGS-13157 - CI fails on TestRouterCompressionOperation\nOCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up\nOCPBUGS-1352 - OVN silently failing in case of a stuck pod\nOCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices\nOCPBUGS-1428 - service account token secret reference\nOCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns\nOCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12\nOCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric\nOCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused\nOCPBUGS-1486 - Avoid re-metric\u0027ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election\nOCPBUGS-1557 - Default to floating automaticRestart for new GCP instances\nOCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config\nOCPBUGS-1565 - Possible split brain with keepalived unicast\nOCPBUGS-1566 - Automation Offline CPUs Test cases\nOCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces\nOCPBUGS-1604 - Common resources out-of-date when using multicluster switcher\nOCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters \nOCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain\nOCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration\nOCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain\nOCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created\nOCPBUGS-166 - 4.11 SNOs fail to complete install because of \"failed to get pod annotation: timed out waiting for annotations: context deadline exceeded\"\nOCPBUGS-1665 - Scorecard failed because of the request of PodSecurity\nOCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided\nOCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed\nOCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and \"NodePortService\" endpoint publishing strategy\nOCPBUGS-1741 - Can\u0027t load additional Alertmanager templates with latest 4.12 OpenShift\nOCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace\nOCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly\nOCPBUGS-1769 - gracefully fail when iam:GetRole is denied\nOCPBUGS-1778 - Can\u0027t install clusters with schedulable masters\nOCPBUGS-1791 - Wait-for install-complete  did not exit upon completion. \nOCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn\u0027t list multiple datacenters when specified \nOCPBUGS-1807 - Ingress Operator startup bad log message formatting\nOCPBUGS-1844 - Ironic dnsmasq doesn\u0027t include existing DNS settings during iPXE boot\nOCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn\u0027t land on correct URL\nOCPBUGS-186 - PipelineRun task status overlaps status text\nOCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node\nOCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator\nOCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it\nOCPBUGS-2088 - User can set rendezvous host to be a worker\nOCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8\nOCPBUGS-2145 - \u0027maxUnavailable\u0027 and \u0027minAvailable\u0027 on PDB creation page - i18n misses\nOCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled\nOCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error \"alicloud: unable to split instanceid and region from providerID\"\nOCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts\nOCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - \u0027, it can\u0027t be changed by typing in it. \nOCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week\nOCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by \u0027publish: Internal\u0027 failed due to \u0027dns_public_record\u0027\nOCPBUGS-2440 - unknown field logs in prometheus-operator\nOCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails\nOCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode\nOCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering\nOCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for \"registry.ci.openshift.org\" \nOCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests\nOCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed\nOCPBUGS-2551 - \"Error loading\" when normal user check operands on All namespaces\nOCPBUGS-2569 - ovn-k network policy races\nOCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization\nOCPBUGS-266 - Project Access tab cannot differentiate between users and groups\nOCPBUGS-2666 - `create a project` link not backed by RBAC check\nOCPBUGS-272 - Getting duplicate word \"find\" when kube-apiserver degraded=true if webhook matches a virtual resource\nOCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates\nOCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster\nOCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. \nOCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]\nOCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page\nOCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods\nOCPBUGS-2841 - Need validation rule for supported arch\nOCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update\nOCPBUGS-2847 - GCP XPN should only be available with Tech Preview\nOCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror\nOCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded \nOCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster\nOCPBUGS-2873 - Prometheus doesn\u0027t reload TLS certificate and key files on disk\nOCPBUGS-2886 - The LoadBalaner section shouldn\u0027t be set when using Kuryr on cloud-provider\nOCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener \nOCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters\nOCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled\nOCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints\nOCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop \nOCPBUGS-2922 - \u0027Status\u0027 column sorting doesn\u0027t work as expected\nOCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args\nOCPBUGS-2934 - Ingress node firewall pod \u0027s events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node\nOCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses\nOCPBUGS-2946 - [AWS] curl network Loadbalancer always get \"Connection time out\"\nOCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range\nOCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-2991 - CI jobs are failing with: admission webhook \"validation.csi.vsphere.vmware.com\" denied the request\nOCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations\nOCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing\nOCPBUGS-2996 - [4.13] Bootimage bump tracker\nOCPBUGS-3018 - panic in WaitForBootstrapComplete\nOCPBUGS-3021 - GCP: missing me-west1 region\nOCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer\nOCPBUGS-3027 - Metrics are not available when running console in development mode\nOCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup\nOCPBUGS-3033 - Clicking the logo in the masthead goes to `/dashboards`, even if metrics are disabled\nOCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters\nOCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn\u0027t take effect. \nOCPBUGS-3072 - Operator-sdk run bundle with old  sqllite index image failed \nOCPBUGS-3079 - RPS hook only sets the first queue, but there are now many\nOCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage  \nOCPBUGS-3093 - The control plane should tag AWS security groups at creation\nOCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked\nOCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being \nOCPBUGS-3114 - CNO reporting incorrect status\nOCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions\nOCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog\nOCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11-\u003eOCP4.12]\nOCPBUGS-3172 - Console shouldn\u0027t try to install dynamic plugins if permissions aren\u0027t available\nOCPBUGS-3180 - Regression in ptp-operator conformance tests\nOCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install\nOCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails \nOCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm\nOCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster\nOCPBUGS-3207 - SCOS build fails due to pinned kernel\nOCPBUGS-3214 - Installer does not always add router CA to kubeconfig\nOCPBUGS-3228 - Broken secret created while starting a Pipeline\nOCPBUGS-3235 - Topology gets stuck loading\nOCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update\nOCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]\nOCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands\nOCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up\nOCPBUGS-3275 - No-op: Unable to retrieve machine from node \"xxx\": expecting one machine for node xxx got: []\nOCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service\nOCPBUGS-3278 - Shouldn\u0027t need to put host data in platform baremetal section in installconfig\nOCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation\nOCPBUGS-3283 - remove unnecessary RBAC in KCM\nOCPBUGS-3292 - DaemonSet \"/openshift-network-diagnostics/network-check-target\" is not available\nOCPBUGS-3314 - \u0027gitlab.secretReference\u0027 disappears when the buildconfig is edited on ?From View?\nOCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list\nOCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset\nOCPBUGS-3331 - Update dependencies in CMO release 4.13\nOCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model\nOCPBUGS-3337 - revert \"force cert rotation every couple days for development\" in 4.12\nOCPBUGS-3338 - Environment cannot find Python\nOCPBUGS-3358 - Revert BUILD-407\nOCPBUGS-3372 - error message is too generic when creating a silence with end time before start\nOCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on \"Observe -\u003e Targets\" page\nOCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths\nOCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments\nOCPBUGS-3382 - Unable to configure cluster-wide proxy\nOCPBUGS-3391 - seccomp profile unshare.json missing from nodes\nOCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. \nOCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work\nOCPBUGS-3414 - Missing \u0027ImageContentSourcePolicy\u0027 and \u0027CatalogSource\u0027 in the oci fbc feature implementation\nOCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without \"CSISnapshot\" capability\nOCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests\nOCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster\nOCPBUGS-3440 - Authentication operator doesn\u0027t respond to console being enabled\nOCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console\nOCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters\nOCPBUGS-3456 - track `rhcos-4.12` branch for fedora-coreos-config submodule\nOCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages\nOCPBUGS-3465 - IBM operator needs deployment manifest fixes\nOCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components\nOCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page\nOCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling\nOCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation\nOCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady\nOCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure\nOCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin\nOCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working\nOCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1\nOCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags\nOCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances\nOCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS\nOCPBUGS-3662 - don\u0027t enforce PSa in 4.12\nOCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down\nOCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI\nOCPBUGS-3676 - After node\u0027s reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod\nOCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency\nOCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form\nOCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions\nOCPBUGS-3714 - \u0027oc adm upgrade ...\u0027 should expose ClusterVersion Failing=True\nOCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated\nOCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin\nOCPBUGS-3755 - Create Alertmanager silence form does not explain the new \"Negative matcher\" option\nOCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod\nOCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image\nOCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy\nOCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed\nOCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues\nOCPBUGS-3797 - [4.13] Bump OVS control plane to get \"ovsdb/transaction.c: Refactor assess_weak_refs.\"\nOCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger \"Delete CSV\"\nOCPBUGS-3827 - CCM not able to remove a LB in ERROR state\nOCPBUGS-3877 - RouteTargetReference missing default for \"weight\" in Route CRD v1 schema\nOCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator\nOCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly\nOCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states\nOCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP\nOCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true\nOCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready\nOCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set\nOCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory\nOCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected\nOCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later\nOCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13\nOCPBUGS-3931 - When all extensions are installed,  \"libkadm5\" rpm package is duplicated in the `rpm -q` command\nOCPBUGS-3933 - Fails to deprovision cluster when swift omits \u0027content-type\u0027\nOCPBUGS-3945 - Handle 0600 kubeconfig\nOCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load\nOCPBUGS-3960 - Use kernel-rt from ose repo\nOCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\nOCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. \nOCPBUGS-3974 - CIRO panics when suspended flag is nil\nOCPBUGS-3975 - \"Failed to open directory, disabling udev device properties\" in node-exporter logs\nOCPBUGS-3978 - AWS EBS CSI driver operator is degraded without \"CSISnapshot\" capability\nOCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets\nOCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml\nOCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass\nOCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks\nOCPBUGS-4000 - fix operator naming convention \nOCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated\nOCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu\nOCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed\nOCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret\nOCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one\nOCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy\nOCPBUGS-4054 - cluster-ingress-operator\u0027s configurable-route controller\u0027s startup is noisy\nOCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic\nOCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend \nOCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting\nOCPBUGS-4110 - Form footer buttons are misaligned in web terminal form\nOCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes\nOCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay\nOCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change\nOCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured\nOCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token\nOCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal\nOCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text\nOCPBUGS-4207 - Remove debug level logging on openshift-config-operator\nOCPBUGS-4219 - Add runbook link to PrometheusRuleFailures\nOCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450\nOCPBUGS-4232 - CNCC: Wrong log format for Azure locking\nOCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface\nOCPBUGS-4252 - Node Terminal tab results in error\nOCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather\nOCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues\nOCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues \nOCPBUGS-4280 - Return 0 when `oc import-image` failed\nOCPBUGS-4282 - [IR-269]Can\u0027t pull sub-manifest image using imagestream of manifest list\nOCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. \nOCPBUGS-4293 - Specify resources.requests for operator pod\nOCPBUGS-4298 - Specify resources.requests for operator pod\nOCPBUGS-4302 - Specify resources.requests for operator pod\nOCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3\nOCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size \nOCPBUGS-4328 - Update installer images to be consistent with ART\nOCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state\nOCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13\nOCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars\nOCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely\nOCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console\nOCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2\nOCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full\nOCPBUGS-4367 - Debug log messages missing from output and Info messages malformed\nOCPBUGS-4377 - Service name search ability while creating the Route from console\nOCPBUGS-4401 - limit cluster-policy-controller RBAC permissions\nOCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network\nOCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not\nOCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode\nOCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator\nOCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing\nOCPBUGS-4483 - apply retry logic to ovnk-node controllers\nOCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig\nOCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig\nOCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia\nOCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout\nOCPBUGS-4516 - `oc-mirror` does not work as expected relative path for OCI format copy \nOCPBUGS-4517 - Better to detail the --command-os of mac for `oc adm release extract` command\nOCPBUGS-4521 - all kubelet targets are down after a few hours\nOCPBUGS-4524 - Hold lock when deleting completed pod during update event\nOCPBUGS-4525 - Don\u0027t log in iterateRetryResources when there are no retry entries\nOCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test\nOCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region\nOCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region\nOCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region\nOCPBUGS-4541 - Azure: remove deprecated ADAL\nOCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]\nOCPBUGS-4549 - Azure: replace deprecated AD Graph API\nOCPBUGS-4550 - [CI] console-operator produces more watch requests than expected\nOCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to \"A specific namespace on the cluster\"\nOCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP\nOCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN\nOCPBUGS-4630 - Bump documentationBaseURL to 4.13\nOCPBUGS-4635 - [OCP 4.13] ironic container images have old packages\nOCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO\nOCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0\nOCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO\nOCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update\nOCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync\nOCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17\nOCPBUGS-4691 - Topology sidebar actions doesn\u0027t show the latest resource data\nOCPBUGS-4692 - PTP operator: Use priority class node critical\nOCPBUGS-4700 - read-only update UX: confusing \"Update blocked\" pop-up\nOCPBUGS-4701 - read-only update UX: confusing \"Control plane is hosted\" banner\nOCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds\nOCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged\nOCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation\nOCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire\nOCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS\nOCPBUGS-4756 - OLM generates invalid component selector labels\nOCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)\nOCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)\nOCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider \u0027ec2\u0027\nOCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19\nOCPBUGS-4781 - Get Helm Release seems to be using List Releases api\nOCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference\nOCPBUGS-4802 - Update formatting with gofmt for go1.19\nOCPBUGS-4825 - Pods completed + deleted may leak\nOCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1\nOCPBUGS-4873 - openshift-marketplace namespace missing \"audit-version\" and \"warn-version\" PSA label\nOCPBUGS-4874 - Baremetal host data is still sometimes required\nOCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type\nOCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service\nOCPBUGS-4899 - coreos-installer output not available in the logs\nOCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters\nOCPBUGS-4906 - Cross-namespace template processing is not being tested\nOCPBUGS-4909 - Can\u0027t reach own service when egress netpol are enabled\nOCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP\nOCPBUGS-4941 - Fails to deprovision cluster when swift omits \u0027content-type\u0027 and there are empty containers\nOCPBUGS-4950 - OLM K8s Dependencies should be at 1.25\nOCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup\nOCPBUGS-4955 - Bundle Unpacker Using \"Always\" ImagePullPolicy for digests\nOCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered\nOCPBUGS-4975 - Missing translation in ceph storage plugin\nOCPBUGS-4986 - precondition: Do not claim warnings would have blocked\nOCPBUGS-4997 - Agent ISO does not respect proxy settings\nOCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI\nOCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver\nOCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather\nOCPBUGS-5016 - Editing Pipeline in the ocp console to get information error\nOCPBUGS-5018 - Upgrade from 4.11 to  4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. \nOCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors\nOCPBUGS-5045 - unit test data race with egress ip tests\nOCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used\nOCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. \nOCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout\nOCPBUGS-5085 - Should only show the selected catalog when after apply  the ICSP and catalogsource\nOCPBUGS-5101 - [GCP] [capi] Deletion of cluster  is happening  , it shouldn\u0027t be allowed\nOCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks\nOCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance\nOCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12\nOCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: \"Creating vfat image failed: Unexpected error while running command\"\nOCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s\nOCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install\nOCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing\nOCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX\nOCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5\nOCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family\nOCPBUGS-5188 - Wrong message in MCCDrainError alert\nOCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets \nOCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure\nOCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal\nOCPBUGS-5275 - remove unnecessary RBAC in OCM\nOCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail\nOCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]\nOCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level\nOCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network\nOCPBUGS-5346 - Reported vSphere Connection status is misleading\nOCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled\nOCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard\nOCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn\u0027t restore its snapshot successfully\nOCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire\nOCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions\nOCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13\nOCPBUGS-5458 - wal: max entry size limit exceeded\nOCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch\nOCPBUGS-5466 - Default CatalogSource aren\u0027t always reverted to default settings\nOCPBUGS-5492 - CI \"[Feature:bond] should create a pod with bond interface\" fail for MTU migration jobs\nOCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes\nOCPBUGS-5498 - Host inventory quick start for OCP\nOCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism\nOCPBUGS-5508 - Report topology usage in vSphere environment via telemetry\nOCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible \nOCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures \nOCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write\nOCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests\nOCPBUGS-5534 -  [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn\u0027t appear after ODF upgrade resulting in dashboard crash\nOCPBUGS-5540 - Typo in WTO for Milliseconds\nOCPBUGS-5542 - Project dropdown order is not as smart as project list page order\nOCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec\nOCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted\nOCPBUGS-5559 - add default noProxy config for Azure\nOCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page\nOCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public\nOCPBUGS-5736 - The main section of the page will keep loading after normal user login\nOCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled\nOCPBUGS-5802 - update sprig to v3 in cno\nOCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary\nOCPBUGS-5842 - executes /host/usr/bin/oc\nOCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand \nOCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing \"etcd Object Count\" dashboard to only show OpenShift resources\nOCPBUGS-5888 - Failed to install 4.13 ocp on SNO with \"error during syncRequiredMachineConfigPools\"\nOCPBUGS-5891 - oc-mirror heads-only does not work with target name\nOCPBUGS-5903 - gather default ingress controller definition\nOCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout\nOCPBUGS-5939 - revert \"force cert rotation every couple days for development\" in 4.13\nOCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource\nOCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope\nOCPBUGS-5959 - [4.13] Bootimage bump tracker\nOCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly\nOCPBUGS-5991 - Kube APIServer panics in admission controller\nOCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered\nOCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled\nOCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades\nOCPBUGS-6026 - cannot change /etc folder ownership inside pod\nOCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12)  refers to external image\nOCPBUGS-6049 - Do not show UpdateInProgress when status is Failing\nOCPBUGS-6053 - `availableUpdates: null` results in run-time error on Cluster Settings page\nOCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41\nOCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI\nOCPBUGS-6089 - Unnecessary event reprocessing\nOCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection\nOCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly\nOCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider\nOCPBUGS-6101 - Daemonset is not upgraded after operator upgrade\nOCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack\nOCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART\nOCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART\nOCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART\nOCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART\nOCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART\nOCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART\nOCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART\nOCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART\nOCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART\nOCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART\nOCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART\nOCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART\nOCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART\nOCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART\nOCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART\nOCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART\nOCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART\nOCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART\nOCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART\nOCPBUGS-6262 - Add more logs to \"oc extract\" in mco-first boot service \nOCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease \nOCPBUGS-6270 - Irrelevant vsphere platform data is required\nOCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace\nOCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted\nOCPBUGS-6486 - Image upload fails when installing cluster\nOCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade\nOCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly,  OVN CrashLoopBackOff\nOCPBUGS-6507 - Don\u0027t retry network policy peer pods if ips couldn\u0027t be fetched\nOCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed\nOCPBUGS-6610 - Developer - Topology : \u0027Filter by resource\u0027 drop-down i18n misses\nOCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region\nOCPBUGS-6624 - Issue deploying the master node with IPI\nOCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds\nOCPBUGS-6646 - Ingress node firewall CI is broken with latest\nOCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses\nOCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy\nOCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox\nOCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined\nOCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent\nOCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator\u0027s ensureNodePortService\nOCPBUGS-6700 - Cluster-ingress-operator\u0027s updateIngressClass function logs success message when error\nOCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup\nOCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46\nOCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes\nOCPBUGS-6722 - s390x: failed to generate asset \"Image\": multiple \"disk\" artifacts found\nOCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated\nOCPBUGS-6741 - opm fails to serve FBC if cachedir not provided\nOCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column\nOCPBUGS-6760 - Couldn\u0027t update/delete cpms on gcp private cluster\nOCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page\nOCPBUGS-6765 - \"Delete dependent objects of this resource\" might cause confusions\nOCPBUGS-6777 - [gcp][CORS-1988] \"create manifests\" without an existing \"install-config.yaml\" missing 4 YAML files in \"\u003cinstall dir\u003e/openshift\" which leads to \"create cluster\" failure\nOCPBUGS-6781 - gather Machine objects\nOCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop\nOCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun\nOCPBUGS-6809 - Uploading large layers fails with \"blob upload invalid\"\nOCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-6821 - Update NTO images to be consistent with ART\nOCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics\nOCPBUGS-6893 - Dev console doesn\u0027t finish loading for users with limited access\nOCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail\nOCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService\nOCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch\nOCPBUGS-6945 - OS Release reports incorrect version ID\nOCPBUGS-6953 - ovnkube-master panic nil deref\nOCPBUGS-6955 -  panic in an ovnkube-master  pod\nOCPBUGS-6962 - \u0027agent_installer\u0027 invoker not showing up in telemetry\nOCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs\nOCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1\nOCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed\nOCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed\nOCPBUGS-7031 - Pipelines repository list and creation form doesn\u0027t show Tech Preview status\nOCPBUGS-7090 - Add to navigation button in search result does nothing\nOCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation\nOCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info\nOCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves\nOCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly\nOCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage\nOCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails\nOCPBUGS-7180 - [4.13] Bootimage bump tracker\nOCPBUGS-7186 - [gcp][CORS-2424] with \"secureBoot\" enabled, after deleting control-plane machine, the new machine is created with \"enableSecureBoot\" being False unexpectedly\nOCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error\nOCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page\nOCPBUGS-7204 - Manifests generated to multiple \"results-xxx\" folders when using the oci feature with OCI and nonOCI catalogs \nOCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress\nOCPBUGS-723 - ClusterResourceQuota values are not reflecting. \nOCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs\nOCPBUGS-7284 - Hypershift failing new SCC conformance tests\nOCPBUGS-7291 - ptp keeps trying to start phc2sys even if it\u0027s configured as empty string in phc2sysOpts\nOCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)\nOCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured\nOCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]\nOCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error\nOCPBUGS-7354 - Installation failed on Azure SDN as network is degraded \nOCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13\nOCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend \nOCPBUGS-736 - Kuryr uses default MTU for service network\nOCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc\nOCPBUGS-7372 - fail early on missing node status envs\nOCPBUGS-7374 - set default timeouts in etcdcli\nOCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication\nOCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore\nOCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito\nOCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form\nOCPBUGS-7419 - CVO delay when setting clusterversion available status to true  \nOCPBUGS-7421 - Missing i18n key for PAC section in Git import form\nOCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1\nOCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time\nOCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly\nOCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere\nOCPBUGS-7483 - Hypershift installs on \"platform: none\" are broken\nOCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged\nOCPBUGS-7495 - Platform type is ignored\nOCPBUGS-7517 - Helm page crashes on old releases with a new Secret\nOCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal\nOCPBUGS-7523 - Add new AWS regions for ROSA\nOCPBUGS-7542 - Bump router to k8s APIs v0.26.1\nOCPBUGS-7555 - Enable default sysctls for kubelet\nOCPBUGS-7558 - Rebase coredns to 1.10.1\nOCPBUGS-7563 - vSphere install can\u0027t complete with out-of-tree CCM\nOCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse\nOCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected \nOCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)\nOCPBUGS-7617 - Azure Disk volume is taking time to attach/detach\nOCPBUGS-7622 - vSphere UPI jobs failing with \u0027Managed cluster should have machine resources\u0027\nOCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1\nOCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4\nOCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true\nOCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2\nOCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig\nOCPBUGS-7729 - Remove ETCD liviness probe. \nOCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped\nOCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2\nOCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config\nOCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon\nOCPBUGS-7754 - ART having trouble building olm images\nOCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable\nOCPBUGS-7785 - migrate to using Lease for leader election\nOCPBUGS-7806 - add \"nfs-export\" under PV details page\nOCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file\nOCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP\nOCPBUGS-7833 - Storage tests failing in no-capabilities job\nOCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure\nOCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json\nOCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work\nOCPBUGS-7879 - Devfile isn\u0027t be processed correctly on \u0027Add from git repo\u0027\nOCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI\nOCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC\nOCPBUGS-7903 -  Pool degraded with error: rpm-ostree kargs: signal: terminated\nOCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context\nOCPBUGS-794 - OLM version rule is not clear\nOCPBUGS-7940 - apiserver panics in admission controller\nOCPBUGS-7943 - AzureFile CSI driver does not compile with cachito\nOCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by\nOCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source\nOCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed\nOCPBUGS-8086 - Visual issues with listing items\nOCPBUGS-8243 - [release 4.13] Gather Monitoring pods\u0027 Persistent Volumes\nOCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2\nOCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO\nOCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-8341 - Unable to set capabilities with agent installer based installation \nOCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing\nOCPBUGS-8353 - PXE support is incomplete\nOCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-8401 - Bump openshift/origin to kube 1.26.2\nOCPBUGS-8424 - ControlPlaneMachineSet: Machine\u0027s Node should be Ready to consider the Machine Ready\nOCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig\nOCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview\nOCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names\nOCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job\nOCPBUGS-8481 - CAPI rebases 4.13 backports\nOCPBUGS-8490 - agent-tui: display additional checks only when primary check fails\nOCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets\nOCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart\nOCPBUGS-8511 - [4.13+ ONLY] Don\u0027t use port 80 in bootstrap IPI bare metal\nOCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded\nOCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local\nOCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names\nOCPBUGS-8699 - Metal IPI Install Rate Below 90%\nOCPBUGS-8701 - `oc patch project`  not working with OCP 4.12\nOCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth\nOCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2\nOCPBUGS-8710 - [4.13] don\u0027t enforce PSa in 4.13\nOCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator\nOCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view\nOCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10\nOCPBUGS-8742 - Origin tests should not specify `readyz` as the health check path\nOCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-8941 - Introduce tooltips for contextual information\nOCPBUGS-904 - Alerts from MCO are missing namespace\nOCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don\u0027t seem to reach the pods\nOCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length\nOCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change\nOCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases\nOCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs\nOCPBUGS-9338 - editor toggle radio input doesn\u0027t have distinguishable attributes\nOCPBUGS-9389 - Detach code in vsphere csi driver is failing\nOCPBUGS-948 - OLM sets invalid SCC label on its namespaces\nOCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin\nOCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview\nOCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-9926 - Enable node healthz server for ovnk in CNO \nOCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates\nOCPBUGS-9957 - Garbage collect grafana-dashboard-etcd\nOCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index\nOCPBUGS-9963 - Better to change the error information more clearly to help understand \nOCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2021-4238\nhttps://access.redhat.com/security/cve/CVE-2021-20329\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-43519\nhttps://access.redhat.com/security/cve/CVE-2021-44964\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1587\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2990\nhttps://access.redhat.com/security/cve/CVE-2022-3080\nhttps://access.redhat.com/security/cve/CVE-2022-3259\nhttps://access.redhat.com/security/cve/CVE-2022-4203\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-23525\nhttps://access.redhat.com/security/cve/CVE-2022-23526\nhttps://access.redhat.com/security/cve/CVE-2022-26280\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-38023\nhttps://access.redhat.com/security/cve/CVE-2022-38177\nhttps://access.redhat.com/security/cve/CVE-2022-38178\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-41316\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-41721\nhttps://access.redhat.com/security/cve/CVE-2022-41723\nhttps://access.redhat.com/security/cve/CVE-2022-41724\nhttps://access.redhat.com/security/cve/CVE-2022-41725\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-42919\nhttps://access.redhat.com/security/cve/CVE-2022-46146\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2023-0056\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0216\nhttps://access.redhat.com/security/cve/CVE-2023-0217\nhttps://access.redhat.com/security/cve/CVE-2023-0229\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-0401\nhttps://access.redhat.com/security/cve/CVE-2023-0620\nhttps://access.redhat.com/security/cve/CVE-2023-0665\nhttps://access.redhat.com/security/cve/CVE-2023-0778\nhttps://access.redhat.com/security/cve/CVE-2023-25000\nhttps://access.redhat.com/security/cve/CVE-2023-25165\nhttps://access.redhat.com/security/cve/CVE-2023-25173\nhttps://access.redhat.com/security/cve/CVE-2023-25577\nhttps://access.redhat.com/security/cve/CVE-2023-25725\nhttps://access.redhat.com/security/cve/CVE-2023-25809\nhttps://access.redhat.com/security/cve/CVE-2023-27561\nhttps://access.redhat.com/security/cve/CVE-2023-28642\nhttps://access.redhat.com/security/cve/CVE-2023-30570\nhttps://access.redhat.com/security/cve/CVE-2023-30841\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ\nIT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC\nLpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb\ndYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy\ntnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc\nPSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK\no1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T\ncTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy\n4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8\nTMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ\n8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H\nXbiJN3SZj5U=\n=WGO2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.7.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/\n\nSecurity fix(es)\n* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service\n(ReDoS) vulnerability\n* CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint\n* CVE-2023-29017 vm2: Sandbox Escape\n* CVE-2023-29199 vm2: Sandbox Escape\n* CVE-2023-30547 vm2: Sandbox Escape when exception sanitization\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint\n2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability\n2185374 - CVE-2023-29017 vm2: sandbox escape\n2187409 - CVE-2023-29199 vm2: Sandbox Escape\n2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization\n\n5. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\nRed Hat Enterprise Linux CRB (v. 9) - aarch64, noarch, x86_64\n\n3. Description:\n\nEDK (Embedded Development Kit) is a project to enable UEFI support for\nVirtual Machines. This package contains a sample 64-bit UEFI firmware for\nQEMU and KVM. \n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\n* edk2: integer underflow in SmmEntryPoint function leads to potential SMM\nprivilege escalation (CVE-2021-38578)\n\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1960321 - CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation\n1983086 - Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status)\n2125336 - Please add edk2-aarch64 and edk2-tools to CRB in RHEL 9\n2132951 - edk2: Sort traditional virtualization builds before Confidential Computing builds\n2157656 - [edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares\n2162307 - Broken GRUB output on a serial console\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2168046 - [edk2] BIOS Release Date string is unexpected length\n2174605 - [EDK2] disable dynamic mmio window\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nedk2-20221207gitfff6d81270b5-9.el9_2.src.rpm\n\nnoarch:\nedk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm\nedk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm\n\nRed Hat Enterprise Linux CRB (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.9 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n\n5. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/):\n\nJWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139896 - Requested TSC frequency outside tolerance range \u0026 TSC scaling not supported\n2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect\n2148383 - Migration metrics values are not sum up values from all VMIs\n2149409 - HPP mounter deployment can\u0027t mount as unprivileged\n2168489 - Overview -\u003e Migrations - The ?Bandwidth consumption? Graph display with wrong values\n2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider\n2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-4450",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-10",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-11",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-15",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-102-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-06",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-320-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-255-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-11",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91213144",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97200253",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92598492",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99836374",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4450",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173547",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172441",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171957",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172238",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172147",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172733",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174517",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "id": "VAR-202302-0195",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2376099833333333
  },
  "last_update_date": "2024-07-23T19:21:02.492000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2024-111",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/waugustus/carpetfuzz "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-415",
        "trust": 1.0
      },
      {
        "problemtype": "Double release (CWE-415) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202402-08"
      },
      {
        "trust": 1.0,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91213144/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99836374/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41725"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41724"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.2,
        "url": "https://issues.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-25173"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/waugustus/carpetfuzz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26280"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0620"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0665"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0778"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-46146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25725"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38177"
      },
      {
        "trust": 0.1,
        "url": "https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]:"
      },
      {
        "trust": 0.1,
        "url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1587"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28642"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3259"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41316"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25577"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-30570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2990"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0056"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-30841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42919"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44964"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42011"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25165"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0401"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44964"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25809"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29824"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-29199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-29017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-30547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38578"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38578"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41725"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41724"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-34969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-32681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34969"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-29469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27536"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4982"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-38408"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "date": "2023-07-18T13:35:08",
        "db": "PACKETSTORM",
        "id": "173547"
      },
      {
        "date": "2023-05-18T13:46:17",
        "db": "PACKETSTORM",
        "id": "172441"
      },
      {
        "date": "2023-04-20T16:14:17",
        "db": "PACKETSTORM",
        "id": "171957"
      },
      {
        "date": "2023-05-19T14:41:19",
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "date": "2023-05-09T15:23:44",
        "db": "PACKETSTORM",
        "id": "172238"
      },
      {
        "date": "2023-05-04T14:45:01",
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "date": "2023-06-06T16:30:13",
        "db": "PACKETSTORM",
        "id": "172733"
      },
      {
        "date": "2023-09-06T16:39:54",
        "db": "PACKETSTORM",
        "id": "174517"
      },
      {
        "date": "2023-02-08T20:15:23.973000",
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-17T07:09:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      },
      {
        "date": "2024-02-04T09:15:08.733000",
        "db": "NVD",
        "id": "CVE-2022-4450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "172441"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 Double release vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003616"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "172441"
      }
    ],
    "trust": 0.1
  }
}

var-200110-0259
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. OpenSSL library vulnerabilities:

ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.

(CVE-2006-4343) The get_server_hello function in the SSLv2 client
code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
earlier versions allows remote servers to cause a denial of service
(client crash) via unknown vectors that trigger a null pointer
dereference. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.

NOTE: ESX by default disables version 1 SSH protocol.

(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings. Python applications
using this function can open a security vulnerability that could
allow the execution of arbitrary code.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 0.9.8d >= 0.9.8d *>= 0.9.7l

Description

Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key.

Impact

An attacker could trigger the buffer overflow vulnerability by sending a malicious suite of ciphers to an application using the vulnerable function, and thus execute arbitrary code with the rights of the user running the application. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0259",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2006.0"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "igateway vpn/ssl-vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intoto",
        "version": "0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154548.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "intrusion detection system 4.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2007.0"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Dr S. N. Henson of Open Network Security with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20247"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    (CVE-2006-4343) The get_server_hello function in the SSLv2 client\n    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n    earlier versions allows remote servers to cause a denial of service\n    (client crash) via unknown vectors that trigger a null pointer\n    dereference. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. Python applications\n    using this function can open a security vulnerability that could\n    allow the execution of arbitrary code. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8d                          \u003e= 0.9.8d\n                                                            *\u003e= 0.9.7l\n\nDescription\n===========\n\nTavis Ormandy and Will Drewry, both of the Google Security Team,\ndiscovered that the SSL_get_shared_ciphers() function contains a buffer\noverflow vulnerability, and that the SSLv2 client code contains a flaw\nleading to a crash. Additionally Dr. Stephen N. Henson found that the\nASN.1 handler contains two Denial of Service vulnerabilities: while\nparsing an invalid ASN.1 structure and while handling certain types of\npublic key. \n\nImpact\n======\n\nAn attacker could trigger the buffer overflow vulnerability by sending\na malicious suite of ciphers to an application using the vulnerable\nfunction, and thus execute arbitrary code with the rights of the user\nrunning the application. Finally a\nmalicious server could crash a SSLv2 client through the SSLv2\nvulnerability. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "20247",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23794",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22500",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26893",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29261",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1017522",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "id": "VAR-200110-0259",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-03-26T20:35:19.600000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22500"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23794"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26893"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1017522"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1195"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29261"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20247"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-2"
      },
      {
        "trust": 1.0,
        "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
      },
      {
        "trust": 1.0,
        "url": "https://issues.rpath.com/browse/rpl-1633"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20247"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-05-09T19:53:00",
        "db": "BID",
        "id": "20247"
      },
      {
        "date": "2018-10-18T16:44:22.137000",
        "db": "NVD",
        "id": "CVE-2006-2940"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20247"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20247"
      }
    ],
    "trust": 0.3
  }
}

var-200609-1196
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 

29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.

Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.

(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.

(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems

(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).

(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.

(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.

NOTE: ESX by default disables version 1 SSH protocol.

NOTE: ESX doesn't use GSSAPI by default.

(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)

files:

ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files.  Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.

VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():

ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem

A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.

ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

  1. References:

ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

  1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

PRODUCT SPECIFIC INFORMATION

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1196",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.2.6-p1"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.3.2-p1"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "trendmicro interscan web security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "1.1 solaris edition"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-2937",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-333A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101257",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-1196",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-16T17:20:03.897000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "title": "HPSBUX02174",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02174.html"
      },
      {
        "title": "BIND 9: OpenSSL Vulnerabilities",
        "trust": 0.8,
        "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
      },
      {
        "title": "openssl (V4.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
      },
      {
        "title": "secadv_20060928",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2006-0695.html"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "title": "102759",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
      },
      {
        "title": "102747",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
      },
      {
        "title": "readme_iwss11_sol_patch7_b1182",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2006/tlsa-2006-33.txt"
      },
      {
        "title": "RHSA-2006:0695",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0695j.html"
      },
      {
        "title": "TLSA-2006-33",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2006/tlsa-2006-33j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 1.1,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/3820"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-333a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.3,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/9986131"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/3069097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/cma/patches.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2006-10-04T20:17:01",
        "db": "PACKETSTORM",
        "id": "50595"
      },
      {
        "date": "2007-01-13T22:56:30",
        "db": "PACKETSTORM",
        "id": "53566"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2007-04-19T00:58:08",
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2011-05-10T00:45:11",
        "db": "PACKETSTORM",
        "id": "101257"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2001-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000592"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-523"
      }
    ],
    "trust": 0.6
  }
}

var-201501-0435
Vulnerability from variot

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-3125-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 11, 2015 http://www.debian.org/security/faq

Package : openssl CVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-3569

Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols. When OpenSSL is built with the no-ssl3 option and a SSL
v3 ClientHello is received, the ssl method would be set to NULL which
could later result in a NULL pointer dereference and daemon crash.

CVE-2014-3570

Pieter Wuille of Blockstream reported that the bignum squaring
(BN_sqr) may produce incorrect results on some platforms, which
might make it easier for remote attackers to defeat cryptographic
protection mechanisms.

CVE-2014-3571

Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw
to mount a denial of service attack.

CVE-2014-3572

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL client would accept a handshake using an ephemeral ECDH
ciphersuite if the server key exchange message is omitted. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.

CVE-2014-8275

Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.

CVE-2015-0204

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that
an OpenSSL client will accept the use of an ephemeral RSA key in a
non-export RSA key exchange ciphersuite, violating the TLS
standard. This allows remote SSL servers to downgrade the security
of the session.

CVE-2015-0205

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL server will accept a DH certificate for client
authentication without the certificate verify message. This flaw
effectively allows a client to authenticate without the use of a
private key via crafted TLS handshake protocol traffic to a server
that recognizes a certification authority with DH support.

CVE-2015-0206

Chris Mueller discovered a memory leak in the dtls1_buffer_record
function. A remote attacker could exploit this flaw to mount a
denial of service through memory exhaustion by repeatedly sending
specially crafted DTLS records.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u14.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1k-1.

We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:

Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec

apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523

ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero

Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller

CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli

CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld

Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team

Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142

LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple

libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298

OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy

OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204

Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple

PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120

QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein

SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team

Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple

Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146

UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple

WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative

Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658

OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- .

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570)

Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. (CVE-2014-3571)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)

Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. (CVE-2015-0204)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2459-1 CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019 Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX /uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ =kie8 -----END PGP SIGNATURE----- .

References:

CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:

ftp://sl098ze:Secure12@h2.usa.hp.com

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

HP-UX Release HP-UX OpenSSL depot name

B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot

B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08ze or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0435",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.1"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.2"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2260"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 1.x"
      },
      {
        "model": "communications policy management",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.1 and earlier"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.1"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.4"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(arm) 4.2"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 4.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle tuxedo 12.1.1.0"
      },
      {
        "model": "hp thinpro linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "(x86) 5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(fujitsu m10-1/m10-4/m10-4s server )"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 2.x"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.12"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise communications broker pcz2.0.0m4p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "cognos controller if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.3"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "system m4 hd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos controller interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8734-"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0.2"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "cognos controller if3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "flex system manager node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8731-"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "cognos controller fp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79190"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-3571",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3571",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3571",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3571",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3125-1                   security@debian.org\nhttp://www.debian.org/security/                      Salvatore Bonaccorso\nJanuary 11, 2015                       http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : openssl\nCVE ID         : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n                 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206\n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2014-3569\n\n    Frank Schmirler reported that the ssl23_get_client_hello function in\n    OpenSSL does not properly handle attempts to use unsupported\n    protocols. When OpenSSL is built with the no-ssl3 option and a SSL\n    v3 ClientHello is received, the ssl method would be set to NULL which\n    could later result in a NULL pointer dereference and daemon crash. \n\nCVE-2014-3570\n\n    Pieter Wuille of Blockstream reported that the bignum squaring\n    (BN_sqr) may produce incorrect results on some platforms, which\n    might make it easier for remote attackers to defeat cryptographic\n    protection mechanisms. \n\nCVE-2014-3571\n\n    Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw\n    to mount a denial of service attack. \n\nCVE-2014-3572\n\n    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n    OpenSSL client would accept a handshake using an ephemeral ECDH\n    ciphersuite if the server key exchange message is omitted. This\n    allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n    and trigger a loss of forward secrecy. \n\nCVE-2014-8275\n\n    Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n    and Konrad Kraszewski of Google reported various certificate\n    fingerprint issues, which allow remote attackers to defeat a\n    fingerprint-based certificate-blacklist protection mechanism. \n\nCVE-2015-0204\n\n    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n    an OpenSSL client will accept the use of an ephemeral RSA key in a\n    non-export RSA key exchange ciphersuite, violating the TLS\n    standard. This allows remote SSL servers to downgrade the security\n    of the session. \n\nCVE-2015-0205\n\n    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n    OpenSSL server will accept a DH certificate for client\n    authentication without the certificate verify message. This flaw\n    effectively allows a client to authenticate without the use of a\n    private key via crafted TLS handshake protocol traffic to a server\n    that recognizes a certification authority with DH support. \n\nCVE-2015-0206\n\n    Chris Mueller discovered a memory leak in the dtls1_buffer_record\n    function. A remote attacker could exploit this flaw to mount a\n    denial of service through memory exhaustion by repeatedly sending\n    specially crafted DTLS records. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u14. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A process may gain admin privileges without properly\nauthenticating\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Cookies belonging to one origin may be sent to another\norigin\nDescription:  A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Authentication credentials may be sent to a server on\nanother origin\nDescription:  A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may be able to cause a denial of service\nDescription:  An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A user may be able to execute arbitrary code with system\nprivileges\nDescription:  An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system shutdown\nDescription:  An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription:  A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause the Finder to crash\nDescription:  An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may brute force ntpd authentication keys\nDescription:  The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote unauthenticated client may be able to cause a\ndenial of service\nDescription:  Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription:  If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A user\u0027s password may be logged to a local file\nDescription:  In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. \n(CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted\nDTLS messages. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote\nattacker could possibly use this issue to trick certain applications that\nrely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nkey exchanges. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2459-1\n  CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,\n  CVE-2015-0204, CVE-2015-0205, CVE-2015-0206\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX\n/uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ\n=kie8\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "BID",
        "id": "71937"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3571",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "71937",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3571",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129880",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131359",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130545",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "BID",
        "id": "71937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "id": "VAR-201501-0435",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.39692771499999996
  },
  "last_update_date": "2024-06-17T10:09:08.262000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
      },
      {
        "title": "Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3571",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3571"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/71937"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3571"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.2,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
      },
      {
        "trust": 0.1,
        "url": "https://www.frida.re"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "http://dtorres.me)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2459-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "BID",
        "id": "71937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "db": "BID",
        "id": "71937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "date": "2014-10-22T00:00:00",
        "db": "BID",
        "id": "71937"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "date": "2015-08-26T01:33:18",
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "date": "2015-01-12T17:17:37",
        "db": "PACKETSTORM",
        "id": "129880"
      },
      {
        "date": "2015-04-09T16:30:50",
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-01-12T21:48:37",
        "db": "PACKETSTORM",
        "id": "129893"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-02-26T17:13:45",
        "db": "PACKETSTORM",
        "id": "130548"
      },
      {
        "date": "2015-02-26T17:13:09",
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "date": "2015-01-09T02:59:01.287000",
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3571"
      },
      {
        "date": "2017-05-02T04:07:00",
        "db": "BID",
        "id": "71937"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      },
      {
        "date": "2017-10-20T01:29:03.410000",
        "db": "NVD",
        "id": "CVE-2014-3571"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "71937"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007552"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "71937"
      }
    ],
    "trust": 0.3
  }
}

var-201408-0082
Vulnerability from variot

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to overrun an internal buffer, resulting in a denial-of-service condition. OpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04595951

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04595951 Version: 1

HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-03-13 Last Updated: 2015-03-13

Potential Security Impact: Remote Denial of Service (DoS), code execution, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including:

  • The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information.
  • The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.
  • The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in Denial of Service (DoS) or execution of code.

References: CVE-2009-3555 Unauthorized Modification

CVE-2014-0160 Heartbleed - Disclosure of Information

CVE-2014-0195 Remote Code Execution, Denial of Service (DoS)

CVE-2014-3505 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3506 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3507 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3508 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3509 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3510 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3511 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3512 Heartbleed - Remote Denial of Service (DoS)

CVE-2014-3566 POODLE - Remote Disclosure of Information

CVE-2014-5139 Shellshock - Remote Denial of Service (DoS)

SSRT101846

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40)

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3512 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software update to resolve the vulnerabilities in HP Virtual Connect 8Gb 24-Port FC Module

HP Virtual Connect 8Gb 24-Port FC Module version 3.00 (VC 4.40)

HISTORY Version:1 (rev.1) - 13 March 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-14:18.openssl Security Advisory The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib Module: openssl Announced: 2014-09-09 Affects: All supported versions of FreeBSD. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2014-5139]

III. Impact

A remote attacker may be able to cause a denial of service (application crash, large memory consumption), obtain additional information, cause protocol downgrade. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 9.2, 9.1, 8.4]

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch

fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUDtUBAAoJEO1n7NZdz2rnOUoP/jNoEEPVt1RoVPQoOQc6vno5 2HXcCDsu0ql3kCNIIZ7E6TddfduzV04EMzBrIgulg7eXft+Lnx6HlEgJOo7QLImc aWLWxjcbyby6wrbYOc+FLK11yx9/uZJF0VCdSeyzhy0EFD3tOZPsDMXKZmG7FRkg 6A7ENJU25Mx8V1myzHw/VfDwAHCtXHliFVVE0CUku55pYnlhMeetu/wuB6KYbmgV 1WUamiHEGl4Dh4Up7nGHYYm32kqZLaE+cf1Ovc2VGT98ZyXmCgDB4+8kkA/HZxxp DRgQlojeQhahee5MmzD+wMJXlq6dekoo+JVf22+Nb+oNmlKT6/UxtUhCwW11MLUV rnOMr3u1JCNvBc+3KroSmtFeEtqh7jx3Ag4w8lS5mJO+wX1/lilbsFxSS/9G65fy LqHUQSxkuDJ1bNzPfKreBPyUmQlG5t/3DonIDCF9r3sefDN+kxqe1+RwjdNRM0ov V7OH/AW1NBQtV/F/h0tKCcskvcJo9Q+inAohheLPnWkFj7F2tLNt5TAxsGy7WvFZ MuQSAXpZkdh7OkhAhBM3Xk+EOv7Qk7zZL5HJ1Lpm6kfJ8wSb4etoUV7oELaDMBz8 +9r+Vr9GtjSsec2a4tjNIixZKV9bzEhgKP5gsWD/JewhAzF+0bYNa9snOWxzpAYb j+eW9IT7pEAJK9DtIsDd =f4To -----END PGP SIGNATURE----- .

All applications linked to openssl need to be restarted. Alternatively, you may reboot your system.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u12.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1i-1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

References

[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-39.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================

Information leak in pretty printing functions (CVE-2014-3508)

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.

Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Double Free when processing DTLS packets (CVE-2014-3505)

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory exhaustion (CVE-2014-3506)

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

DTLS memory leak from zero-length fragments (CVE-2014-3507)

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.

OpenSSL TLS protocol downgrade attack (CVE-2014-3511)

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.

SRP buffer overrun (CVE-2014-3512)

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.

OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional details over time

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0082",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1i"
      },
      {
        "model": "hp virtual connect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "8gb 24 port fiber channel module  3.00   (vc ( virtual connect ) 4.40  )"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "8.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.2-release-p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "9.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "7.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "release-p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos os 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "9.1--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "virtual connect 8gb 24-port fc module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "junos os 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "9.1-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2x"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0.x"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "8.4-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.1-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "9.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.3"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3x"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "8.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "8.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.3-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "6.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "7.4-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8.3-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "10.0-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "9.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "8-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "8.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "8.4-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2-"
      },
      {
        "model": "9.1-release-p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "junos os 14.1r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.3-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4x"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0.x"
      },
      {
        "model": "junos os 13.3r3-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "7.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "10.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.1-release-p15",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "8.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5x"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "10.0-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1x"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2x"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "8-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "7.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.2-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1x"
      },
      {
        "model": "9.3-release-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "tealeaf cx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "9.1-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "9.1-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.1-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "10.0-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "9.1-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "10.0-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "9.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sean Devlin and Watson Ladd from Cryptography Services, NCC Group.",
    "sources": [
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3512",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-3512",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3512",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-129",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3512",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to overrun an internal buffer, resulting in a denial-of-service condition. \nOpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04595951\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04595951\nVersion: 1\n\nHPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL\nand Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-13\nLast Updated: 2015-03-13\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\ndisclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Virtual\nConnect 8Gb 24-Port FC Module running OpenSSL and Bash including:\n\n  - The OpenSSL vulnerability known as \"Heartbleed\" which could be exploited\nremotely resulting in Denial of Service (DoS) or disclosure of information. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \n  - The Bash Shell vulnerability known as \"Shellshock\" which could be\nexploited remotely resulting in Denial of Service (DoS) or execution of code. \n\nReferences:\nCVE-2009-3555\n Unauthorized Modification\n\nCVE-2014-0160\n Heartbleed - Disclosure of Information\n\nCVE-2014-0195\n Remote Code Execution, Denial of Service (DoS)\n\nCVE-2014-3505\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3506\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3507\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3508\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3509\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3510\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3511\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3512\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3566\n POODLE - Remote Disclosure of Information\n\nCVE-2014-5139\n Shellshock - Remote Denial of Service (DoS)\n\nSSRT101846\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40)\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3505    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3506    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3507    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3508    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3509    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-3510    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-3511    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3512    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-5139    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerabilities\nin HP Virtual Connect 8Gb 24-Port FC Module\n\n  HP Virtual Connect 8Gb 24-Port FC Module version 3.00 (VC 4.40)\n\nHISTORY\nVersion:1 (rev.1) - 13 March 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:18.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2014-09-09\nAffects:        All supported versions of FreeBSD. \nCorrected:      2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n                2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n                2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n                2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n                2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n                2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n                2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n                2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name:       CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n                CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-5139]\n\nIII. Impact\n\nA remote attacker may be able to cause a denial of service (application\ncrash, large memory consumption), obtain additional information,\ncause protocol downgrade.  Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r269687\nreleng/8.4/                                                       r271305\nstable/9/                                                         r269687\nreleng/9.1/                                                       r271305\nreleng/9.2/                                                       r271305\nreleng/9.3/                                                       r271305\nstable/10/                                                        r269686\nreleng/10.0/                                                      r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20140806.txt\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:18.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCgAGBQJUDtUBAAoJEO1n7NZdz2rnOUoP/jNoEEPVt1RoVPQoOQc6vno5\n2HXcCDsu0ql3kCNIIZ7E6TddfduzV04EMzBrIgulg7eXft+Lnx6HlEgJOo7QLImc\naWLWxjcbyby6wrbYOc+FLK11yx9/uZJF0VCdSeyzhy0EFD3tOZPsDMXKZmG7FRkg\n6A7ENJU25Mx8V1myzHw/VfDwAHCtXHliFVVE0CUku55pYnlhMeetu/wuB6KYbmgV\n1WUamiHEGl4Dh4Up7nGHYYm32kqZLaE+cf1Ovc2VGT98ZyXmCgDB4+8kkA/HZxxp\nDRgQlojeQhahee5MmzD+wMJXlq6dekoo+JVf22+Nb+oNmlKT6/UxtUhCwW11MLUV\nrnOMr3u1JCNvBc+3KroSmtFeEtqh7jx3Ag4w8lS5mJO+wX1/lilbsFxSS/9G65fy\nLqHUQSxkuDJ1bNzPfKreBPyUmQlG5t/3DonIDCF9r3sefDN+kxqe1+RwjdNRM0ov\nV7OH/AW1NBQtV/F/h0tKCcskvcJo9Q+inAohheLPnWkFj7F2tLNt5TAxsGy7WvFZ\nMuQSAXpZkdh7OkhAhBM3Xk+EOv7Qk7zZL5HJ1Lpm6kfJ8wSb4etoUV7oELaDMBz8\n+9r+Vr9GtjSsec2a4tjNIixZKV9bzEhgKP5gsWD/JewhAzF+0bYNa9snOWxzpAYb\nj+eW9IT7pEAJK9DtIsDd\n=f4To\n-----END PGP SIGNATURE-----\n. \n\nAll applications linked to openssl need to be restarted. Alternatively, you may reboot your system. \n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 26, 2014\n     Bugs: #494816, #519264, #525468\n       ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1j              *\u003e= 0.9.8z_p2\n                                                            \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[  1 ] CVE-2013-6449\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[  2 ] CVE-2013-6450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[  3 ] CVE-2014-3505\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[  4 ] CVE-2014-3506\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[  5 ] CVE-2014-3507\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[  6 ] CVE-2014-3509\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[  7 ] CVE-2014-3510\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[  8 ] CVE-2014-3511\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[  9 ] CVE-2014-3512\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 users should upgrade to 1.0.1i. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nOpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3512",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "69083",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59700",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61100",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60803",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59710",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60810",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60917",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61017",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60921",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60221",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60022",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61171",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61775",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61184",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "60493",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030693",
        "trust": 1.1
      },
      {
        "db": "TENABLE",
        "id": "TNS-2014-06",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10649",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3512",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129721",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127811",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "id": "VAR-201408-0082",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.42424244
  },
  "last_update_date": "2024-07-23T19:27:34.786000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBHF03293",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      },
      {
        "title": "1686997",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "title": "1682293",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "title": "Fix SRP buffer overrun vulnerability.",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
      },
      {
        "title": "SRP buffer overrun (CVE-2014-3512)",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "title": "Huawei-SA-20141008-OpenSSL",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "title": "[R1] OpenSSL Protocol Downgrade Vulnerability Affects Tenable Products",
        "trust": 0.8,
        "url": "http://www.tenable.com/security/tns-2014-06"
      },
      {
        "title": "openssl-1.0.1i",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696"
      },
      {
        "title": "openssl-1.0.0n",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695"
      },
      {
        "title": "openssl-0.9.8zb",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-391",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391"
      },
      {
        "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv_20140806.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59700"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59710"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59756"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60221"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60493"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60803"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60810"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60917"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/60921"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61017"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61100"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61171"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61184"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61775"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2998"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69083"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030693"
      },
      {
        "trust": 1.1,
        "url": "http://www.tenable.com/security/tns-2014-06"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=4a23b12a031860253b58d503f296377ca076427b"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3512"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/84"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21715901"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2308-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "db": "BID",
        "id": "69083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "date": "2014-08-06T00:00:00",
        "db": "BID",
        "id": "69083"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2014-09-09T17:32:22",
        "db": "PACKETSTORM",
        "id": "128214"
      },
      {
        "date": "2014-08-08T21:50:05",
        "db": "PACKETSTORM",
        "id": "127803"
      },
      {
        "date": "2014-12-26T15:46:37",
        "db": "PACKETSTORM",
        "id": "129721"
      },
      {
        "date": "2014-08-11T11:11:00",
        "db": "PACKETSTORM",
        "id": "127811"
      },
      {
        "date": "2014-08-06T12:12:12",
        "db": "PACKETSTORM",
        "id": "169648"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "date": "2014-08-13T23:55:07.670000",
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3512"
      },
      {
        "date": "2016-07-26T23:01:00",
        "db": "BID",
        "id": "69083"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      },
      {
        "date": "2023-11-07T02:20:10.980000",
        "db": "NVD",
        "id": "CVE-2014-3512"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  SRP Implementation of  crypto/srp/srp_lib.c Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003817"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-129"
      }
    ],
    "trust": 0.6
  }
}

var-201201-0049
Vulnerability from variot

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03360041 Version: 1

HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-06-26 Last Updated: 2012-06-26

Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HISTORY Version:1 (rev.1) 26 June 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5 6IwAoPw4DI3YBCclyWuRekae7EFscAy0 =zd3u -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12

                                        http://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g

Description

Multiple vulnerabilities have been found in OpenSSL:

  • Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
  • An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"

References

[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.

Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools

Details:

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 11.10. (CVE-2012-0027)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2

Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2

Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8

Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-1357-1 CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8 https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2012:007 http://www.mandriva.com/security/

Package : openssl Date : January 16, 2012 Affected: 2011.

The updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027 http://www.openssl.org/news/secadv_20120104.txt

Updated Packages:

Mandriva Linux 2011: 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm

Mandriva Linux 2011/X86_64: 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- .

DTLS Plaintext Recovery Attack (CVE-2011-4108)

Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Double-free in Policy Checks (CVE-2011-4109)

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.

This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google.

Affected users should upgrade to OpenSSL 0.9.8s.

Uninitialized SSL 3.0 Padding (CVE-2011-4576)

OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS.

As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.

Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".

Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

SGC Restart DoS Attack (CVE-2011-4619)

Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.

Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. This could be used in a denial-of-service attack.

Only users of the OpenSSL GOST ENGINE are affected by this bug.

Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.

Affected users should upgrade to OpenSSL 1.0.0f.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0049",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.5a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.3a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "aura system platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "hardware management console 7r7.7.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "hardware management console 7r7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hardware management console 7r7.1.0 sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "8.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "voice portal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "aura communication manager sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "hardware management console 7r7.1.0 sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "tivoli network manager fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "pfsense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20070"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "hardware management console 7r7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.14"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.50"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.55"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.1.2"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411.1.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "jboss enterprise web server for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.2"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "hardware management console 7r7.2.0 sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.56"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.12"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-114"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "fiery print controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "efi",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "docucolor dc260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "docucolor dc242",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.13"
      },
      {
        "model": "aura sip enablement services sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "reflection for ibm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.9"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411.1.1"
      },
      {
        "model": "reflection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "xiv storage system gen3 mtm 11.1.0.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810-11411"
      },
      {
        "model": "sterling connect:direct",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.61"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "60"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "aura sip enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "reflection for unix and openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "20080"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "enterprise virtualization hypervisor for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "50"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli network manager fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "jboss enterprise web server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1.0.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hardware management console 7r7.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm 11.0.1.a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-114"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.3"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "14.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "docucolor dc252",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/omnibus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "ds8870",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "hardware management console 7r7.2.0 sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "pfsense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bsdperimeter",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "message networking",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xiv storage system gen3 mtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2812-11411"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0e",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov",
    "sources": [
      {
        "db": "BID",
        "id": "51281"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0027",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0027",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0027",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201201-062",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-0027",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2012-2012    (AV:N/AC:L/Au:N/C:C/I:C/A:P)       9.7\nCVE-2012-2013    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2012-2014    (AV:N/AC:M/Au:S/C:N/I:N/A:N)       6.8\nCVE-2012-2015    (AV:N/AC:M/Au:S/C:P/I:N/A:N)       6.5\nCVE-2012-2016    (AV:L/AC:M/Au:S/C:C/I:N/A:N)       4.4\nCVE-2011-1944    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3\nCVE-2011-2821    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-2834    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2011-3379    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-3607    (AV:L/AC:M/Au:N/C:P/I:P/A:P)       4.4\nCVE-2011-4078    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4108    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2011-4153    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4317    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2011-4415    (AV:L/AC:H/Au:N/C:N/I:N/A:P)       1.2\nCVE-2011-4576    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-4577    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2011-4619    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-4885    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0021    (AV:N/AC:H/Au:N/C:N/I:N/A:P)       2.6\nCVE-2012-0027    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0031    (AV:L/AC:L/Au:N/C:P/I:P/A:P)       4.6\nCVE-2012-0036    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-0053    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2012-0057    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\nCVE-2012-0830    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-1165    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-1823    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5\n6IwAoPw4DI3YBCclyWuRekae7EFscAy0\n=zd3u\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: March 06, 2012\n     Bugs: #397695, #399365\n       ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0g                 *\u003e= 0.9.8t\n                                                            \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n  in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n  vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. (CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram\nTransport Layer Security (DTLS) implementation in OpenSSL performed a\nMAC check only if certain padding is valid. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This could allow a remote attacker to obtain the private\nkey of a TLS server via multiple handshake attempts. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  libssl1.0.0                     1.0.0e-2ubuntu4.2\n  openssl                         1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n  libssl0.9.8                     0.9.8o-5ubuntu1.2\n  openssl                         0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n  libssl0.9.8                     0.9.8o-1ubuntu4.6\n  openssl                         0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.8\n  openssl                         0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n  libssl0.9.8                     0.9.8g-4ubuntu3.15\n  openssl                         0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1357-1\n  CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109,\n  CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619,\n  CVE-2012-0027, CVE-2012-0050\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2012:007\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : January 16, 2012\n Affected: 2011. \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027\n http://www.openssl.org/news/secadv_20120104.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 2291c13c44539a5e25f58750a5d6bf8f  2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n c610330d2c4c7397feb126247b1fa94f  2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 36c86a84320e1c8a17a74e4e68bc7d5a  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n 4b8054f2c169d2b3223195053bd15802  2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 3c48b209b941a83a6acfef439c3f78b7  2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm \n 7af9d175d066db069aeb82248df9772b  2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 21a50bd2be83839266f033c9a0f0fabc  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 7e80ee8e2d445c5f1985cd52d2316658  2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e1f4faa3162a6bbc14b37e4cb8d1e8e2  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 6e3ac6d57cf0f4e13ed8e275a9bd2ff8  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e9e0306f8dc9f398915a646547e262e2  2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm \n 7af9d175d066db069aeb82248df9772b  2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. \n\nDTLS Plaintext Recovery Attack (CVE-2011-4108)\n==============================================\n\nNadhem Alfardan and Kenny Paterson have discovered an extension of the \nVaudenay padding oracle attack on CBC mode encryption which enables an \nefficient plaintext recovery attack against the OpenSSL implementation\nof DTLS. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. \n\nAffected users should upgrade to OpenSSL 0.9.8s. \n\nUninitialized SSL 3.0 Padding (CVE-2011-4576)\n=============================================\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as\nblock cipher padding in SSL 3.0 records. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. \n\nAs a result, in each record, up to 15 bytes of uninitialized memory\nmay be sent, encrypted, to the SSL peer. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nSGC Restart DoS Attack (CVE-2011-4619)\n======================================\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can\nbe used in a denial-of-service attack. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nAffected users should upgrade to OpenSSL 1.0.0f. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "PACKETSTORM",
        "id": "121573"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0027",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#737740",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "78191",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57353",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "51281",
        "trust": 0.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0027",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "121573",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110482",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169679",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "PACKETSTORM",
        "id": "121573"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "id": "VAR-201201-0049",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2023-12-18T10:57:02.054000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DTLS Plaintext Recovery Attack",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "title": "Multiple vulnerabilities in OpenSSL",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl"
      },
      {
        "title": "openssl-1.0.0f",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348"
      },
      {
        "title": "openssl-0.9.8s",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hrbrmstr/internetdb "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.openssl.org/news/secadv_20120104.txt"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564"
      },
      {
        "trust": 1.1,
        "url": "http://w3.efi.com/fiery"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/78191"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57353"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027"
      },
      {
        "trust": 0.8,
        "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
      },
      {
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0027"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109"
      },
      {
        "trust": 0.3,
        "url": "http://www.attachmate.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157565"
      },
      {
        "trust": 0.3,
        "url": "http://blog.pfsense.org/?p=676"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/1708.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2502.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156631"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100157969"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161892"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100161590"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1306.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1307.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1308.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/737740"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100158312"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100150578"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100156392"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.2,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1357-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/51281"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1357-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://www.isg.rhul.ac.uk)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "PACKETSTORM",
        "id": "121573"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "db": "BID",
        "id": "51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "db": "PACKETSTORM",
        "id": "121573"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2012-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "date": "2013-05-09T14:44:00",
        "db": "PACKETSTORM",
        "id": "121573"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-03-06T23:57:33",
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "date": "2012-02-10T07:44:13",
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "date": "2012-01-17T01:20:23",
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "date": "2012-01-04T12:12:12",
        "db": "PACKETSTORM",
        "id": "169679"
      },
      {
        "date": "2012-01-06T01:55:01.050000",
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "date": "2012-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#737740"
      },
      {
        "date": "2014-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0027"
      },
      {
        "date": "2015-04-13T21:31:00",
        "db": "BID",
        "id": "51281"
      },
      {
        "date": "2012-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001022"
      },
      {
        "date": "2014-03-26T04:27:05.177000",
        "db": "NVD",
        "id": "CVE-2012-0027"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "110482"
      },
      {
        "db": "PACKETSTORM",
        "id": "109614"
      },
      {
        "db": "PACKETSTORM",
        "id": "108735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#737740"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-062"
      }
    ],
    "trust": 0.6
  }
}

var-200411-0171
Vulnerability from variot

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. OpenSSL for, Kerberos using a cipher suite SSL/TLS When communicating, there is a flaw in not properly checking the communication data during the key exchange during handshake, and it is intentionally created. Please note that this vulnerability OpenSSL Applications and systems using the library may also be affected. For more detailed information about other systems, NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please also check.OpenSSL Applications that use this crash and cause a denial of service. (DoS) may become a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications.

When using Kerberos ciphersuites, there is a flaw in the SSL / TLS handshake code. A remote attacker can construct a special SSL / TLS handshake and send it to a server configured with Kerberos ciphersuites. Most applications do not use Kerberos ciphersuites. It is therefore not affected by this vulnerability. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc.

TITLE: Fedora update for openssl096b

SECUNIA ADVISORY ID: SA17381

VERIFY ADVISORY: http://secunia.com/advisories/17381/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: Fedora Core 3 http://secunia.com/product/4222/

DESCRIPTION: Fedora has issued an update for openssl096b.

For more information: SA10133 SA11139

SOLUTION: Apply updated packages.

Fedora Core 3: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm 54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm 56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm 56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm 93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm

OTHER REFERENCES: SA10133: http://secunia.com/advisories/10133/

SA11139: http://secunia.com/advisories/11139/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

  Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability

Revision 1.0

For Public Release 2004 March 17 at 1300 UTC (GMT)

 ----------------------------------------------------------------------

Contents

 Summary
 Affected Products
 Details
 Impact
 Software Versions and Fixes
 Obtaining Fixed Software
 Workarounds
 Exploitation and Public Announcements
 Status of This Notice: INTERIM
 Distribution
 Revision History
 Cisco Security Procedures

 ----------------------------------------------------------------------

Summary

A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004.

An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. 

 * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto
   images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series
   Routers. 
 * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)
   are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600
   Series Routers. 
 * Cisco PIX Firewall
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers
 * Cisco MDS 9000 Series Multilayer Switch
 * Cisco Content Service Switch (CSS) 11000 series
 * Cisco Global Site Selector (GSS) 4480
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1
 * Cisco Access Registrar (CAR)

The following products have their SSL implementation based on the OpenSSL code and are not affected by this vulnerability. 

 * Cisco Secure Intrusion Detection System (NetRanger) appliance. This
   includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. 
 * Cisco SN 5428 and SN 5428-2 Storage Router
 * Cisco CNS Configuration Engine
 * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and
   6500 Series switches and Cisco 7600 Series routers
 * Cisco SIP Proxy Server (SPS)
 * CiscoWorks 1105 Hosting Solution Engine (HSE)
 * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
 * Cisco Ethernet Subscriber Solution Engine (ESSE)

The following products, which implement SSL, are not affected by this vulnerability. 

 * Cisco VPN 3000 Series Concentrators

CatOS does not implement SSL and is not vulnerable. This vulnerability is still being actively investigated across Cisco products and status of some products has still not been determined.

Details

Secure Sockets Layer (SSL), is a protocol used to encrypt the data transferred over an TCP session. SSL in Cisco products is mainly used by the HyperText Transfer Protocol Secure (HTTPS) web service for which the default TCP port is 443. The affected products, listed above, are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations.

To check if the HTTPS service is enabled one can do the following:

1. Check the configuration on the device to verify the status of the
   HTTPS service. 
2. Try to connect to the device using a standard web browser that
   supports SSL using a URL similar to https://ip_address_of_device/. 
3. Try and connect to the default HTTPS port, TCP 443, using Telnet. 
   telnet ip_address_of_device 443. If the session connects the service
   is enabled and accessible.

Testing by the OpenSSL development team has uncovered a null-pointer assignment in the do_change_cipher_spec() function. This crash on many Cisco products would cause the device to reload.

A third vulnerability described in the NISCC advisory is a bug in older versions of OpenSSL, versions before 0.9.6d, that can also lead to a Denial of Service attack. None of the Cisco OpenSSL implementations are known to be affected by this older OpenSSL issue. 

 * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)
   image releases in the 12.1E release train for the Cisco 7100 and 7200
   Series Routers are affected by this vulnerability. All IOS software
   crypto (k8, k9, and k91) image releases in the 12.2SY release train
   for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are
   affected by this vulnerability. The SSH implementation in IOS is not
   dependent on any OpenSSL code. SSH implementations in IOS do not
   handle certificates, yet, and therefore do not use any SSL code for
   SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for
   providing the HTTPS and VPN Device Manager (VDM) services. This
   vulnerability is documented in the Cisco Bug Toolkit (registered
   customers only) as Bug ID CSCee00041. The HTTPS web service, that uses
   the OpenSSL code, on the device is disabled by default. The no ip http
   secure-server command may be used to disable the HTTPS web service on
   the device, if required. The SSH and IPSec services in IOS are not
   vulnerable to this vulnerability. 
 * Cisco PIX Firewall - PIX 6.x releases are affected by this
   vulnerability. PIX 5.x releases do not contain any SSL code and are
   not vulnerable. This vulnerability is documented in the Cisco Bug
   Toolkit (registered customers only) as Bug ID CSCed90672. 
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee02055. 
 * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCed96246. 
 * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x
   and 7.x are affected by this vulnerability. This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit
   (registered customers only) as Bug ID CSCee01240 for the SSL module. 
 * Cisco Global Site Selector (GSS) 4480 - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCee01057. 
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1 - This vulnerability is
   documented in the Cisco Bug Toolkit (registered customers only) as Bug
   ID CSCsa13748. 
 * Cisco Access Registrar (CAR) - This vulnerability is documented in the
   Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956.

The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.

Impact

An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.

Software Versions and Fixes

 * Cisco IOS -

   +----------------------------------------+
   |Release|  Fixed Releases  |Availability |
   | Train |                  |             |
   |-------+------------------+-------------|
   |12.2SY |12.2(14)SY4       |March 25     |
   |-------+------------------+-------------|
   |       |12.1(13)E14       |April 8      |
   |12.1E  |12.1.(19)E7       |April 8      |
   |       |12.1(20)E3        |April 26     |
   +----------------------------------------+

 * Cisco PIX Firewall - The vulnerability is fixed in software releases
   6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering
   builds may be obtained by contacting the Cisco Technical Assistance
   Center (TAC). TAC Contact information is given in the Obtaining Fixed
   Software section below. 
 * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
   Series and Cisco 7600 Series routers - The vulnerability is fixed in
   software release 1.1.3(14) which will be available by Monday, 22 of
   March, 2004. This engineering builds may be obtained by contacting the
   Cisco Technical Assistance Center (TAC). TAC Contact information is
   given in the Obtaining Fixed Software section below. 
 * Cisco MDS 9000 Series Multilayer Switches - No fixed software release
   or software availability date has been determined yet. 
 * Cisco Content Service Switch (CSS) 11000 series -No fixed software
   release or software availability date has been determined yet. 
 * Cisco Global Site Selector (GSS) 4480 - No fixed software release or
   software availability date has been determined yet. 
 * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
   Management Foundation (CMF) version 2.1 - No fixed software release or
   software availability date has been determined yet. 
 * Cisco Access Registrar (CAR) - The vulnerability is fixed in software
   release 3.5.0.12 which will be available by Friday, 26 of March, 2004.

Obtaining Fixed Software

Cisco is offering free software upgrades to address this vulnerability for all affected customers.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, Customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at the Cisco Connection Online Software Center at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center. To access the software download URL, you must be a registered user and you must be logged in.

Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with obtaining the software upgrade(s).

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain a free upgrade to a later version of the same release or as indicated by the applicable corrected software version in the Software Versions and Fixes section (noted above).

Cisco TAC contacts are as follows:

 * +1 800 553 2447 (toll free from within North America)
 * +1 408 526 7209 (toll call from anywhere in the world)
 * e-mail: tac@cisco.com

See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.

Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a upgrade. Upgrades for non-contract customers must be requested through the TAC.

Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.

Workarounds

The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as it is available. 

 * Restrict access to the HTTPS server on the network device. Allow
   access to the network device only from trusted workstations by using
   access lists / MAC filters that are available on the affected
   platforms. 
 * Disable the SSL server / service on the network device. This
   workaround must be weighed against the need for secure communications
   with the vulnerable device.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory.

Status of This Notice: INTERIM

This is an interim advisory. Although Cisco cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution

This advisory will be posted on Cisco's worldwide website at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml .

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following e-mail and Usenet news recipients. 

 * cust-security-announce@cisco.com
 * first-teams@first.org (includes CERT/CC)
 * bugtraq@securityfocus.com
 * vulnwatch@vulnwatch.org
 * cisco@spot.colorado.edu
 * cisco-nsp@puck.nether.net
 * full-disclosure@lists.netsys.com
 * comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

+------------------------------------------+ |Revision 1.0|2004-March-17|Initial | | | |release. | +------------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. 

 ----------------------------------------------------------------------

-----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT

iD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid 7AhsNlLsNVSLwTRKTHSigu0= =gtba -----END PGP SIGNATURE----- .

OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.7d.tar.gz
  MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5

o openssl-0.9.6m.tar.gz [normal]
  MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
  MD5 checksum: 4c39d2524bd466180f9077f8efddac8c

The checksums were calculated using the following command:

openssl md5 openssl-0.9*.tar.gz

Credits

Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.

References

http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0171",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.1"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5.2"
      },
      {
        "model": "servercluster",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.04"
      },
      {
        "model": "apache-based web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "2.0.43.00"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "okena stormwatch",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.1.3"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.1.2"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg203",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.31.29"
      },
      {
        "model": "sg200",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.4"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.3"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2.1"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "5.2"
      },
      {
        "model": "webstar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "4d",
        "version": "4.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.10"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.00"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.40"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5.1.46"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "2000_r2.0.1"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp2"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.1"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.2_.111"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy1"
      },
      {
        "model": "aaa server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "*"
      },
      {
        "model": "application and content networking software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.109\\)"
      },
      {
        "model": "clientless vpn gateway 4400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "5.0"
      },
      {
        "model": "s8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.7a-2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.2.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(1\\)"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.20"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2\\)"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "10000_r2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.5.18"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3.100\\)"
      },
      {
        "model": "threat response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3400"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(3\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e12"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.2"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.2.4"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.00"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tarantella",
        "version": "3.30"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "openserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp0"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5000_r2.0.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "8.5.12a"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "*"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp2"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "litespeedtech",
        "version": "1.0.1"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "vsx_ng_with_application_intelligence"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.02.00.01"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(19\\)e1"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.0"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "2.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(2\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "gss 4490 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(13\\)e9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.7"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2"
      },
      {
        "model": "wbem",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "a.01.05.08"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5.1_build_5336"
      },
      {
        "model": "s8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "r2.0.1"
      },
      {
        "model": "provider-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "4.1"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1.02"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.10_b4"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_3.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.7.1"
      },
      {
        "model": "mds 9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.0.1"
      },
      {
        "model": "crypto accelerator 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.8"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1_\\(3.005\\)"
      },
      {
        "model": "css11000 content services switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2_0.0.03"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2sy"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "8.05"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "s3210"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6-15"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.04"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2za"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "0.9.6b-3"
      },
      {
        "model": "access registrar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.6"
      },
      {
        "model": "content services switch 11500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4\\)"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.102\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4.101\\)"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.02"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.9"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.1.02"
      },
      {
        "model": "cacheos ca sa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "4.1.12"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "vpn-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "next_generation_fp1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e14"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1_0.2.06"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "7500_r2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.2\\(14\\)sy"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.0.7"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3\\)"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.01"
      },
      {
        "model": "intuity audix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "neoteris",
        "version": "3.2"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0_build_7592"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "gsx server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.1_build_2129"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1_\\(0.208\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(5\\)"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "5x"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.6.2"
      },
      {
        "model": "gss 4480 global site selector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.10_.0.06s"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "*"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "2.1"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "500"
      },
      {
        "model": "sidewinder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "securecomputing",
        "version": "5.2.0.03"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.5.17"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "100_r2.0.1"
      },
      {
        "model": "stonebeat fullcluster",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "stonesoft",
        "version": "1_2.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "forcepoint",
        "version": "1.7.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netwatcher",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": null
      },
      {
        "model": "turbolinux appliance server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
        "version": null
      },
      {
        "model": "red hat enterprise linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
        "version": null
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "trendmicro interscan viruswall",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": null
      },
      {
        "model": "provider-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": "7115"
      },
      {
        "model": "hp wbem services",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
        "version": null
      },
      {
        "model": "red hat enterprise linux desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
        "version": null
      },
      {
        "model": "netshelter\u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": null
      },
      {
        "model": "sun cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": "7117"
      },
      {
        "model": "netbsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "vine linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "vine linux",
        "version": null
      },
      {
        "model": "asianux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "red hat linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
        "version": null
      },
      {
        "model": "sun crypto accelerator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "turbolinux desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
        "version": null
      },
      {
        "model": "ipcom\u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": null
      },
      {
        "model": "firewall-1 gx",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hp-ux aaa server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
        "version": null
      },
      {
        "model": "turbolinux workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
        "version": null
      },
      {
        "model": "primergy sslaccelerator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u901a",
        "version": "7110"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.07592"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.12129"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "clientless vpn gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44005.0"
      },
      {
        "model": "crypto accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "40001.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.24"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.23"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.04"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.03"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.02"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.0.01"
      },
      {
        "model": "computing sidewinder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.3"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.1"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0.1"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "3.0"
      },
      {
        "model": "openssl096b-0.9.6b-3.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl096-0.9.6-15.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-perl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-devel-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openssl-0.9.7a-2.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "hat fedora core3",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.3"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.2"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.1"
      },
      {
        "model": "instant virtual extranet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "3.0"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.1"
      },
      {
        "model": "litespeed web server rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2.1"
      },
      {
        "model": "litespeed web server rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.1"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.3"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "litespeed web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.1"
      },
      {
        "model": "wbem a.02.00.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.02.00.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem a.01.05.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.5"
      },
      {
        "model": "aaa server",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.13"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.12"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.1"
      },
      {
        "model": "webns .0.06s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20.0.03"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.2.06"
      },
      {
        "model": "webns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10.1.02"
      },
      {
        "model": "webns b4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.10"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.109)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(3.102)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2.111"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3.100)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.5"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4.101)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "ios 12.2za",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e9",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e14",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(0.208)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(3.005)"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "call manager",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software vpn-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 vsx ng with application intelligence",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 next generation fp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 gx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "2.0"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.12"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7500"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5x0"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5000"
      },
      {
        "model": "vsu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "50"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10000"
      },
      {
        "model": "vsu r2.0.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "100"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.4"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.3"
      },
      {
        "model": "sg5x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "sg208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity r5 r5.1.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity audix r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "intuity s3400",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity s3210",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "gsx server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.2"
      },
      {
        "model": "stonegate sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.12"
      },
      {
        "model": "stonegate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5x86"
      },
      {
        "model": "stonegate ibm zseries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.5"
      },
      {
        "model": "computing sidewinder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "5.2.1.10"
      },
      {
        "model": "security bsafe ssl-j sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rsa",
        "version": "4.1"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.3.2"
      },
      {
        "model": "litespeed web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lite speed",
        "version": "1.0.2"
      },
      {
        "model": "secure gateway for solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "1.14"
      },
      {
        "model": "threat response",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.3"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90002.0(0.86)"
      },
      {
        "model": "mds",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90001.3(3.33)"
      },
      {
        "model": "point software vpn-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "webstar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "4d",
        "version": "5.3.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Security Advisory",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0112",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2004-0112",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-8542",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0112",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#484726",
            "trust": 0.8,
            "value": "10.32"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200411-112",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8542",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. OpenSSL for, Kerberos using a cipher suite SSL/TLS When communicating, there is a flaw in not properly checking the communication data during the key exchange during handshake, and it is intentionally created. Please note that this vulnerability OpenSSL Applications and systems using the library may also be affected. For more detailed information about other systems, NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please also check.OpenSSL Applications that use this crash and cause a denial of service. (DoS) may become a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications. \n\n\u00a0When using Kerberos ciphersuites, there is a flaw in the SSL / TLS handshake code. A remote attacker can construct a special SSL / TLS handshake and send it to a server configured with Kerberos ciphersuites. Most applications do not use Kerberos ciphersuites. It is therefore not affected by this vulnerability. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. \nOpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n\nTITLE:\nFedora update for openssl096b\n\nSECUNIA ADVISORY ID:\nSA17381\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17381/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nFedora Core 3\nhttp://secunia.com/product/4222/\n\nDESCRIPTION:\nFedora has issued an update for openssl096b. \n\nFor more information:\nSA10133\nSA11139\n\nSOLUTION:\nApply updated packages. \n\nFedora Core 3:\nhttp://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/\n\n8d68e4b430aa7c5ca067c12866ae694e\nSRPMS/openssl096b-0.9.6b-21.42.src.rpm\n54a9e78a2fdd625b9dc9121e09eb4398\nx86_64/openssl096b-0.9.6b-21.42.x86_64.rpm\nc5c6174e23eba8d038889d08f49231b8\nx86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm\n56b63fc150d0c099b2e4f0950e21005b\nx86_64/openssl096b-0.9.6b-21.42.i386.rpm\n56b63fc150d0c099b2e4f0950e21005b\ni386/openssl096b-0.9.6b-21.42.i386.rpm\n93195495585c7e9789041c75b1ed5380\ni386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm\n\nOTHER REFERENCES:\nSA10133:\nhttp://secunia.com/advisories/10133/\n\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n      Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability\n\nRevision 1.0\n\n  For Public Release 2004 March 17 at 1300 UTC (GMT)\n\n     ----------------------------------------------------------------------\n\nContents\n\n     Summary\n     Affected Products\n     Details\n     Impact\n     Software Versions and Fixes\n     Obtaining Fixed Software\n     Workarounds\n     Exploitation and Public Announcements\n     Status of This Notice: INTERIM\n     Distribution\n     Revision History\n     Cisco Security Procedures\n\n     ----------------------------------------------------------------------\n\nSummary\n\n   A new vulnerability in the OpenSSL implementation for SSL\n   has been announced on March 17, 2004. \n\n   An affected network device running an SSL server based on an affected\n   OpenSSL implementation may be vulnerable to a Denial of Service (DoS)\n   attack. There are workarounds available to mitigate the effects of this\n   vulnerability on Cisco products in the workaround section of this\n   advisory. Cisco is providing fixed software, and recommends that customers\n   upgrade to it when it is available. \n\n   This advisory will be posted at\n   http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. \n\n     * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto\n       images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series\n       Routers. \n     * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)\n       are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600\n       Series Routers. \n     * Cisco PIX Firewall\n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers\n     * Cisco MDS 9000 Series Multilayer Switch\n     * Cisco Content Service Switch (CSS) 11000 series\n     * Cisco Global Site Selector (GSS) 4480\n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1\n     * Cisco Access Registrar (CAR)\n\n   The following products have their SSL implementation based on the OpenSSL\n   code and are not affected by this vulnerability. \n\n     * Cisco Secure Intrusion Detection System (NetRanger) appliance. This\n       includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. \n     * Cisco SN 5428 and SN 5428-2 Storage Router\n     * Cisco CNS Configuration Engine\n     * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and\n       6500 Series switches and Cisco 7600 Series routers\n     * Cisco SIP Proxy Server (SPS)\n     * CiscoWorks 1105 Hosting Solution Engine (HSE)\n     * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)\n     * Cisco Ethernet Subscriber Solution Engine (ESSE)\n\n   The following products, which implement SSL, are not affected by this\n   vulnerability. \n\n     * Cisco VPN 3000 Series Concentrators\n\n   CatOS does not implement SSL and is not vulnerable. This vulnerability is still being actively investigated\n   across Cisco products and status of some products has still not been\n   determined. \n\nDetails\n\n   Secure Sockets Layer (SSL), is a protocol used to encrypt the data\n   transferred over an TCP session. SSL in Cisco products is mainly used by\n   the HyperText Transfer Protocol Secure (HTTPS) web service for which the\n   default TCP port is 443. The affected products, listed above, are only\n   vulnerable if they have the HTTPS service enabled and the access to the\n   service is not limited to trusted hosts or network management\n   workstations. \n\n   To check if the HTTPS service is enabled one can do the following:\n\n    1. Check the configuration on the device to verify the status of the\n       HTTPS service. \n    2. Try to connect to the device using a standard web browser that\n       supports SSL using a URL similar to https://ip_address_of_device/. \n    3. Try and connect to the default HTTPS port, TCP 443, using Telnet. \n       telnet ip_address_of_device 443. If the session connects the service\n       is enabled and accessible. \n\n   Testing by the OpenSSL development team has uncovered a null-pointer\n   assignment in the do_change_cipher_spec() function. This\n   crash on many Cisco products would cause the device to reload. \n\n   A third vulnerability described in the NISCC advisory is a bug in older\n   versions of OpenSSL, versions before 0.9.6d, that can also lead to a\n   Denial of Service attack. None of the Cisco OpenSSL implementations are\n   known to be affected by this older OpenSSL issue. \n\n     * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)\n       image releases in the 12.1E release train for the Cisco 7100 and 7200\n       Series Routers are affected by this vulnerability. All IOS software\n       crypto (k8, k9, and k91) image releases in the 12.2SY release train\n       for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are\n       affected by this vulnerability. The SSH implementation in IOS is not\n       dependent on any OpenSSL code. SSH implementations in IOS do not\n       handle certificates, yet, and therefore do not use any SSL code for\n       SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for\n       providing the HTTPS and VPN Device Manager (VDM) services. This\n       vulnerability is documented in the Cisco Bug Toolkit (registered\n       customers only) as Bug ID CSCee00041. The HTTPS web service, that uses\n       the OpenSSL code, on the device is disabled by default. The no ip http\n       secure-server command may be used to disable the HTTPS web service on\n       the device, if required. The SSH and IPSec services in IOS are not\n       vulnerable to this vulnerability. \n     * Cisco PIX Firewall - PIX 6.x releases are affected by this\n       vulnerability. PIX 5.x releases do not contain any SSL code and are\n       not vulnerable. This vulnerability is documented in the Cisco Bug\n       Toolkit (registered customers only) as Bug ID CSCed90672. \n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee02055. \n     * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCed96246. \n     * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x\n       and 7.x are affected by this vulnerability. This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit\n       (registered customers only) as Bug ID CSCee01240 for the SSL module. \n     * Cisco Global Site Selector (GSS) 4480 - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCee01057. \n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1 - This vulnerability is\n       documented in the Cisco Bug Toolkit (registered customers only) as Bug\n       ID CSCsa13748. \n     * Cisco Access Registrar (CAR) - This vulnerability is documented in the\n       Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956. \n\n   The Internetworking Terms and Cisco Systems Acronyms online guides can be\n   found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/. \n\nImpact\n\n   An affected network device running an SSL server based on the OpenSSL\n   implementation may be vulnerable to a Denial of Service (DoS) attack. \n\nSoftware Versions and Fixes\n\n     * Cisco IOS -\n\n       +----------------------------------------+\n       |Release|  Fixed Releases  |Availability |\n       | Train |                  |             |\n       |-------+------------------+-------------|\n       |12.2SY |12.2(14)SY4       |March 25     |\n       |-------+------------------+-------------|\n       |       |12.1(13)E14       |April 8      |\n       |12.1E  |12.1.(19)E7       |April 8      |\n       |       |12.1(20)E3        |April 26     |\n       +----------------------------------------+\n\n     * Cisco PIX Firewall - The vulnerability is fixed in software releases\n       6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering\n       builds may be obtained by contacting the Cisco Technical Assistance\n       Center (TAC). TAC Contact information is given in the Obtaining Fixed\n       Software section below. \n     * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n       Series and Cisco 7600 Series routers - The vulnerability is fixed in\n       software release 1.1.3(14) which will be available by Monday, 22 of\n       March, 2004. This engineering builds may be obtained by contacting the\n       Cisco Technical Assistance Center (TAC). TAC Contact information is\n       given in the Obtaining Fixed Software section below. \n     * Cisco MDS 9000 Series Multilayer Switches - No fixed software release\n       or software availability date has been determined yet. \n     * Cisco Content Service Switch (CSS) 11000 series -No fixed software\n       release or software availability date has been determined yet. \n     * Cisco Global Site Selector (GSS) 4480 - No fixed software release or\n       software availability date has been determined yet. \n     * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n       Management Foundation (CMF) version 2.1 - No fixed software release or\n       software availability date has been determined yet. \n     * Cisco Access Registrar (CAR) - The vulnerability is fixed in software\n       release 3.5.0.12 which will be available by Friday, 26 of March, 2004. \n\nObtaining Fixed Software\n\n   Cisco is offering free software upgrades to address this vulnerability for\n   all affected customers. \n\n   Customers may only install and expect support for the feature sets they\n   have purchased. By installing, downloading, accessing or otherwise using\n   such software upgrades, Customers agree to be bound by the terms of\n   Cisco\u0027s software license terms found at\n   http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set\n   forth at the Cisco Connection Online Software Center at\n   http://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\n   Customers with contracts should obtain upgraded software through their\n   regular update channels. For most customers, this means that upgrades\n   should be obtained through the Software Center on Cisco\u0027s worldwide\n   website at http://www.cisco.com/tacpage/sw-center. To access the software\n   download URL, you must be a registered user and you must be logged in. \n\n   Customers whose Cisco products are provided or maintained through a prior\n   or existing agreement with third-party support organizations such as Cisco\n   Partners, authorized resellers, or service providers, should contact that\n   support organization for assistance with obtaining the software\n   upgrade(s). \n\n   Customers who purchase direct from Cisco but who do not hold a Cisco\n   service contract and customers who purchase through third-party vendors\n   but are unsuccessful at obtaining fixed software through their point of\n   sale should get their upgrades by contacting the Cisco Technical\n   Assistance Center (TAC) using the contact information listed below. In\n   these cases, customers are entitled to obtain a free upgrade to a later\n   version of the same release or as indicated by the applicable corrected\n   software version in the Software Versions and Fixes section (noted above). \n\n   Cisco TAC contacts are as follows:\n\n     * +1 800 553 2447 (toll free from within North America)\n     * +1 408 526 7209 (toll call from anywhere in the world)\n     * e-mail: tac@cisco.com\n\n   See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for\n   additional TAC contact information, including special localized telephone\n   numbers and instructions and e-mail addresses for use in various\n   languages. \n\n   Please have your product serial number available and give the URL of this\n   notice as evidence of your entitlement to a upgrade. Upgrades for\n   non-contract customers must be requested through the TAC. \n\n   Please do not contact either \"psirt@cisco.com\" or\n   \"security-alert@cisco.com\" for software upgrades. \n\nWorkarounds\n\n   The Cisco PSIRT recommends that affected users upgrade to a fixed software\n   version of code as soon as it is available. \n\n     * Restrict access to the HTTPS server on the network device. Allow\n       access to the network device only from trusted workstations by using\n       access lists / MAC filters that are available on the affected\n       platforms. \n     * Disable the SSL server / service on the network device. This\n       workaround must be weighed against the need for secure communications\n       with the vulnerable device. \n\nExploitation and Public Announcements\n\n   The Cisco PSIRT is not aware of any malicious use of the vulnerability\n   described in this advisory. \n\nStatus of This Notice: INTERIM\n\n   This is an interim advisory. Although Cisco cannot guarantee the accuracy\n   of all statements in this advisory, all of the facts have been checked to\n   the best of our ability. Cisco does not anticipate issuing updated\n   versions of this advisory unless there is some material change in the\n   facts. Should there be a significant change in the facts, Cisco may update\n   this advisory. \n\n   A stand-alone copy or paraphrase of the text of this security advisory\n   that omits the distribution URL in the following section is an\n   uncontrolled copy, and may lack important information or contain factual\n   errors. \n\nDistribution\n\n   This advisory will be posted on Cisco\u0027s worldwide website at\n   http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml . \n\n   In addition to worldwide web posting, a text version of this notice is\n   clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207\n   0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following\n   e-mail and Usenet news recipients. \n\n     * cust-security-announce@cisco.com\n     * first-teams@first.org (includes CERT/CC)\n     * bugtraq@securityfocus.com\n     * vulnwatch@vulnwatch.org\n     * cisco@spot.colorado.edu\n     * cisco-nsp@puck.nether.net\n     * full-disclosure@lists.netsys.com\n     * comp.dcom.sys.cisco@newsgate.cisco.com\n\n   Future updates of this advisory, if any, will be placed on Cisco\u0027s\n   worldwide website, but may or may not be actively announced on mailing\n   lists or newsgroups. Users concerned about this problem are encouraged to\n   check the above URL for any updates. \n\nRevision History\n\n   +------------------------------------------+\n   |Revision 1.0|2004-March-17|Initial        |\n   |            |             |release.       |\n   +------------------------------------------+\n\nCisco Security Procedures\n\n   Complete information on reporting security vulnerabilities in Cisco\n   products, obtaining assistance with security incidents, and registering to\n   receive security information from Cisco, is available on Cisco\u0027s worldwide\n   website at\n   http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This\n   includes instructions for press inquiries regarding Cisco security\n   notices. All Cisco security advisories are available at\n   http://www.cisco.com/go/psirt. \n\n   This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may\n   be redistributed freely after the release date given at the top of the\n   text, provided that redistributed copies are complete and unmodified,\n   including all date and version information. \n\n     ----------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nComment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT\n\niD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid\n7AhsNlLsNVSLwTRKTHSigu0=\n=gtba\n-----END PGP SIGNATURE-----\n. \n\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\nFTP from the following master locations (you can find the various FTP\nmirrors under http://www.openssl.org/source/mirror.html):\n\n    ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.7d.tar.gz\n      MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\n    \n    o openssl-0.9.6m.tar.gz [normal]\n      MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\n    o openssl-engine-0.9.6m.tar.gz [engine]\n      MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\n\nThe checksums were calculated using the following command:\n\n    openssl md5 openssl-0.9*.tar.gz\n\nCredits\n-------\n\nPatches for these issues were created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team.  The OpenSSL team would\nlike to thank Codenomicon for supplying the TLS Test Tool which was\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\nperforming the majority of the testing. \n\nReferences\n----------\n\nhttp://www.codenomicon.com/testtools/tls/\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      },
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2004-0112",
        "trust": 4.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#484726",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "9899",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA04-078A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "11139",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "15508",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1009458",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0790",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "14567",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41200",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17381",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41105",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "32887",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "32886",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "id": "VAR-200411-0171",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      }
    ],
    "trust": 0.52271296
  },
  "last_update_date": "2024-03-18T21:58:08.254000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[ important ]\u00a0OpenSSL Regarding vulnerability response Fujitsu \u00a0 Public vulnerability information",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20040317.txt"
      },
      {
        "title": "OpenSSL Repair measures for denial of service attack vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169016"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.openssl.org/news/secadv_20040317.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/9899"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/484726"
      },
      {
        "trust": 2.5,
        "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
      },
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=61798"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:023"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1049"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a928"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9580"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/11139"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.trustix.org/errata/2004/0012"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
      },
      {
        "trust": 1.6,
        "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2712.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-078a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-224012"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-078a"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0112"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/15508"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securiteam.com/securitynews/5op0g20caa.html"
      },
      {
        "trust": 0.6,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "trust": 0.6,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
      },
      {
        "trust": 0.3,
        "url": "http://www.4d.com/products/4dwsv.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
      },
      {
        "trust": 0.3,
        "url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
      },
      {
        "trust": 0.3,
        "url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3123.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-10.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.litespeedtech.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/357672"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.suresec.org/advisories/adv5.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/11139/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0079"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0112"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=107953412903636\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403806509920\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2004\u0026amp;m=slackware-security.455961"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/48/"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1326/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1306/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1044/"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4222/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17381/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/10133/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-license-agreement.html,"
      },
      {
        "trust": 0.1,
        "url": "https://ip_address_of_device/."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/tacpage/sw-center."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/source/mirror.html):"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "date": "2004-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2005-08-15T00:00:00",
        "db": "BID",
        "id": "14567"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "date": "2005-11-03T01:02:14",
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "date": "2005-11-02T01:11:22",
        "db": "PACKETSTORM",
        "id": "41105"
      },
      {
        "date": "2004-03-17T15:44:08",
        "db": "PACKETSTORM",
        "id": "32887"
      },
      {
        "date": "2004-03-17T14:36:13",
        "db": "PACKETSTORM",
        "id": "32886"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "date": "2004-11-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#484726"
      },
      {
        "date": "2004-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2004-0790"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8542"
      },
      {
        "date": "2015-03-19T08:20:00",
        "db": "BID",
        "id": "9899"
      },
      {
        "date": "2006-05-05T23:10:00",
        "db": "BID",
        "id": "14567"
      },
      {
        "date": "2024-03-04T06:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000088"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-112"
      },
      {
        "date": "2024-02-15T20:54:12.877000",
        "db": "NVD",
        "id": "CVE-2004-0112"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#484726"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "9899"
      },
      {
        "db": "BID",
        "id": "14567"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0055
Vulnerability from variot

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04626468

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04626468 Version: 1

HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-04-06 Last Updated: 2015-04-06

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).

References:

CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 SSRT102007

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0 HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0 HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends the following software updates or workarounds to resolve the vulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent.

Workaround for HP IceWall SSO MCRP:

- If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in

the host configuration file. Not setting these will prevent MCRP from using those client certificates for communicating with the back-end web servers. 

- If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there

is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.

Workaround for HP IceWall SSO Dfw and SSO Agent:

- If possible, do not use client certificates for SSL communication

between the client and server which are running HP IceWall SSO Dfw or SSO Agent. 

- If client certificates for SSL communication between the client and

server must be used, then there is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.

Software updates to resolve the vulnerabilities for OpenSSL:

  1. IceWall SSO Dfw 10.0 running on RHEL could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.

    Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

    http://www.hp.com/jp/icewall_patchaccess

    1. For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL, please download the updated OpenSSL at the following location:

    http://www.hp.com/jp/icewall_patchaccess

    1. For IceWall products running on HP-UX which are using the OS bundled OpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is available from the following location:

    https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product Number=OPENSSL11I

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 6 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015] =======================================

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)

Severity: High

If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.

This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

Severity: High

This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".

This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.

Multiblock corrupted pointer (CVE-2015-0290)

Severity: Moderate

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.

This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in DTLSv1_listen (CVE-2015-0207)

Severity: Moderate

The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.

This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.

Segmentation fault for invalid PSS parameters (CVE-2015-0208)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a

This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.

Base64 decode (CVE-2015-0292)

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption.

OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by Robert Dugal and subsequently by David Ramos.

DoS via reachable assert in SSLv2 servers (CVE-2015-0293)

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.

Empty CKE with client auth and DHE (CVE-2015-1787)

Severity: Moderate

If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Handshake with unseeded PRNG (CVE-2015-0285)

Severity: Low

Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.

For example using the following command with an unseeded openssl will succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

Severity: Low

A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.

X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-16-1 iOS 9

iOS 9 is now available and addresses the following:

Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916

AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher

Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.

Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132.

CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs

CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook

CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research

CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)

Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team

Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro

IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella

IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella

IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies

JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd

libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com

Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.

removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a.

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa

Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito

SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps

SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui

SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895

tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc.

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com

WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple

WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "9".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- .

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0715-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html Issue date: 2015-03-23 CVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.7.src.rpm

i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.7.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.7.src.rpm

i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.7.ppc.rpm openssl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.7.s390.rpm openssl-1.0.1e-30.el6_6.7.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-devel-1.0.1e-30.el6_6.7.s390.rpm openssl-devel-1.0.1e-30.el6_6.7.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-static-1.0.1e-30.el6_6.7.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-perl-1.0.1e-30.el6_6.7.s390x.rpm openssl-static-1.0.1e-30.el6_6.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.7.src.rpm

i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-0287 https://access.redhat.com/security/cve/CVE-2015-0288 https://access.redhat.com/security/cve/CVE-2015-0289 https://access.redhat.com/security/cve/CVE-2015-0292 https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX z2xamw9PEJVbuKTXaQeLRmQ= =ZkF+ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz

Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec

Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group

apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple

coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero

Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative

ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. CVE-ID CVE-2013-1741

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack

Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. CVE-ID

CVE-2014-8139 CVE-2014-8140 CVE-2014-8141

OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0055",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8ze"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2 thats all  1.0.2a"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.3 (ht204942)"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 or later  10.11   (ht205267)"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9   (ipod touch first  5 after generation )"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 2.3.20"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 3.0.22"
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4"
      },
      {
        "model": "communications policy management",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "enterprise manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.3.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.7"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.9"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.4.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.5.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.6.1.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 2.0.6.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle tuxedo tuxedo 12.1.1.0"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "secure backup",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/web questionnaire"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.0 to  ver8.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver2.0 to  8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sigmablade em card (n8405-019/019a/043) firmware  rev.14.02 before"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "ix2000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "ix3000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "systemdirector enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "for java ( all models ) v5.1 to  v7.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm v8.5.4 before"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "netezza platform software 7.0.4.8-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "system networking rackswitch g8124e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "gb esm ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1/107.4.11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "virtual fabric 10gb switch module for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.20.0"
      },
      {
        "model": "icewall mcrp sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "virtual fabric 10gb switch module for bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "netezza platform software 7.0.4.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.20"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "17.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.16"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.1.0.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "netezza platform software 7.0.2.16-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.6.0"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system cn4093 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2.0"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.41.32.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.31.00"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "gb esm ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1/107.4.10.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "flex system cn4093 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "qradar security information and event manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.17"
      },
      {
        "model": "netezza platform software 7.0.2.15-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "ds8700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.31.16.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "qradar security information and event manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "virtual fabric 10gb switch module for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.21.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "system networking rackswitch g8124e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.3.0"
      },
      {
        "model": "cognos controller if4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "aspera ondemand",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "qradar security information and event manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.42"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.3.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "si4093 si fabric",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1.0"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.15"
      },
      {
        "model": "cognos controller fp3 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "openscape voice r1.43.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo one aggregation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "qradar security information and event manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "netezza platform software 7.0.4.8-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ds8800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "86.31.123.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "netezza platform software 7.1.0.4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.11"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.4"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.9"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "virtual fabric 10gb switch module for bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.7.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "storediq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.19"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.04"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "netezza platform software 7.0.4.8-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.19.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9.2"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "rational tau interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.31.38.0"
      },
      {
        "model": "openscape voice r1.42.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "netezza platform software 7.0.2.16-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openscape voice r1.37.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.41"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "netezza platform software 7.0.2.16-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "openscape voice r1.38.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.03"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.1.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "rational insight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.3.0"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "netezza platform software 7.1.0.5-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "openscape voice r1.3.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.0.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.14"
      },
      {
        "model": "i operating systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "gb esm ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1/106.8.21.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "rational tau interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "system storage san768b-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.16"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "qradar security information and event manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "openscape voice r1.43.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.13"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "gb esm ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1/106.8.20.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.31.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.8.0"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "icewall mcrp sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.35.00"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.13"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.14"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "icewall sso agent option update rele",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "system networking rackswitch g8124e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.15"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.14"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "netezza platform software 7.1.0.5-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "mq light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.31.16.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "system networking rackswitch g8124e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.13.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.3.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.20"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.2.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "ctpos 6.6r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.13"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "si4093 si fabric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.60"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "qradar security information and event manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.110"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.10.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7.0"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "ctpos 6.6r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.18"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.4"
      },
      {
        "model": "cognos controller fp1 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8ze",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stephen Henson",
    "sources": [
      {
        "db": "BID",
        "id": "73225"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0286",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0286",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0286",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0286",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04626468\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04626468\nVersion: 1\n\nHPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running\nOpenSSL, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-06\nLast Updated: 2015-04-06\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\n  Potential security vulnerabilities have been identified with HP IceWall SSO\nMCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be\nexploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\n  CVE-2015-0209\n  CVE-2015-0286\n  CVE-2015-0287\n  CVE-2015-0288\n  CVE-2015-0289\n  SSRT102007\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0\n  HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0\n  HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software updates or workarounds to resolve the\nvulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent. \n\n  Workaround for HP IceWall SSO MCRP:\n\n    - If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in\nthe host configuration file. Not setting these will prevent MCRP from using\nthose client certificates for communicating with the back-end web servers. \n\n    - If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there\nis no workaround other than applying a vendor patch for OpenSSL for these\nvulnerabilities. \n\n  Workaround for HP IceWall SSO Dfw and SSO Agent:\n\n    - If possible, do not use client certificates for SSL communication\nbetween the client and server which are running HP IceWall SSO Dfw or SSO\nAgent. \n\n    - If client certificates for SSL communication between the client and\nserver must be used, then there is no workaround other than applying a vendor\npatch for OpenSSL for these vulnerabilities. \n\n  Software updates to resolve the vulnerabilities for OpenSSL:\n\n   1. IceWall SSO Dfw 10.0 running on RHEL could be using either the OS\nbundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still\nusing the OpenSSL bundled with HP IceWall, please switch to the OpenSSL\nlibrary bundled with the OS, and then follow the instructions in step 3. \n\n      Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n      http://www.hp.com/jp/icewall_patchaccess\n\n    2. For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL,\nplease download the updated OpenSSL at the following location:\n\n      http://www.hp.com/jp/icewall_patchaccess\n\n    3. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is\navailable from the following location:\n\n      https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product\nNumber=OPENSSL11I\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 6 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-1 iOS 9\n\niOS 9 is now available and addresses the following:\n\nApple Pay\nAvailable for:  iPhone 6, iPad mini 3, and iPad Air 2\nImpact:  Some cards may allow a terminal to retrieve limited recent\ntransaction information when making a payment\nDescription:  The transaction log functionality was enabled in\ncertain configurations. This issue was addressed by removing the\ntransaction log functionality. \nCVE-ID\nCVE-2015-5916\n\nAppleKeyStore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to reset failed passcode\nattempts with an iOS backup\nDescription:  An issue existed in resetting failed passcode attempts\nwith a backup of the iOS device. This was addressed through improved\npasscode failure logic. \nCVE-ID\nCVE-2015-5850 : an anonymous researcher\n\nApplication Store\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Clicking a malicious ITMS link may lead to a denial of\nservice in an enterprise-signed application\nDescription:  An issue existed with installation through ITMS links. \nThis was addressed through additional installation verification. \nCVE-ID\nCVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nAudio\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nCertificate Trust Policy\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132. \n\nCFNetwork\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may read\ncache data from Apple apps\nDescription:  Cache data was encrypted with a key protected only by\nthe hardware UID. This issue was addressed by encrypting the cache\ndata with a key protected by the hardware UID and the user\u0027s\npasscode. \nCVE-ID\nCVE-2015-5898 : Andreas Kurtz of NESO Security Labs\n\nCFNetwork Cookies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork Cookies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to create unintended cookies for a\nwebsite\nDescription:  WebKit would accept multiple cookies to be set in the\ndocument.cookie API. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-3801 : Erling Ellingsen of Facebook\n\nCFNetwork FTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in FTP packet handling if clients were\nusing an FTP proxy. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A maliciously crafted URL may be able to bypass HTTP Strict\nTransport Security (HSTS) and leak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreAnimation\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to leak sensitive user\ninformation\nDescription:  Applications could access the screen framebuffer while\nthey were in the background. This issue was addressed with improved\naccess control on IOSurfaces. \nCVE-ID\nCVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin\nGao, Yingjiu Li of School of Information Systems Singapore Management\nUniversity,  Feng Bao and Jianying Zhou of Cryptography and Security\nDepartment Institute for Infocomm Research\n\nCoreCrypto\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nData Detectors Engine\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription:  Memory corruption issues existed in the processing of\ntext files. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDev Tools\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\ndyld\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team\n\nDisk Images\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\nGame Center\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nICU\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory content. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5848 : Filippo Bigarella\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5867 : moony li of Trend Micro\n\nIOKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5844 : Filippo Bigarella\nCVE-2015-5845 : Filippo Bigarella\nCVE-2015-5846 : Filippo Bigarella\n\nIOMobileFrameBuffer\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOMobileFrameBuffer. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5843 : Filippo Bigarella\n\nIOStorageFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\niTunes Store\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  AppleID credentials may persist in the keychain after sign\nout\nDescription:  An issue existed in keychain deletion. This issue was\naddressed through improved account cleanup. \nCVE-ID\nCVE-2015-5832 : Kasif Dekel from Check Point Software Technologies\n\nJavaScriptCore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5791 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. This was addressed through improved generation\nof stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through added entitlement\nchecks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by Ming-\nchieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issues was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in handling of\nIPv6 router advertisements that allowed an attacker to set the hop\nlimit to an arbitrary value. This issue was addressed by enforcing a\nminimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in XNU that led to the disclosure of\nkernel memory. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  An issue existed in HFS drive mounting. This was\naddressed by additional validation checks. \nCVE-ID\nCVE-2015-5748 : Maxime Villard of m00nbsd\n\nlibc\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nMail\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker can send an email that appears to come from a\ncontact in the recipient\u0027s address book\nDescription:  An issue existed in the handling of the sender\u0027s\naddress. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5857 : Emre Saglam of salesforce.com\n\nMultipeer Connectivity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nmemory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nOpenSSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nPluginKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious enterprise application can install extensions\nbefore the application has been trusted\nDescription:  An issue existed in the validation of extensions during\ninstallation. This was addressed through improved app verification. \nCVE-ID\nCVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nremovefile\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to read Safari bookmarks on a\nlocked iOS device without a passcode\nDescription:  Safari bookmark data was encrypted with a key protected\nonly by the hardware UID. This issue was addressed by encrypting the\nSafari bookmark data with a key protected by the hardware UID and the\nuser\u0027s passcode. \nCVE-ID\nCVE-2015-5903 : Jonathan Zdziarski\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Navigating to a malicious website with a malformed\nwindow opener may have allowed the display of arbitrary URLs. This\nissue was addressed through improved handling of window openers. \nCVE-ID\nCVE-2015-5905 : Keita Haga of keitahaga.com\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Users may be tracked by malicious websites using client\ncertificates\nDescription:  An issue existed in Safari\u0027s client certificate\nmatching for SSL authentication. This issue was addressed through\nimproved matching of valid client certificates. \nCVE-ID\nCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut\nof Whatever s.a. \n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Multiple user interface inconsistencies may have\nallowed a malicious website to display an arbitrary URL. These issues\nwere addressed through improved URL display logic. \nCVE-ID\nCVE-2015-5764 : Antonio Sanso (@asanso) of Adobe\nCVE-2015-5765 : Ron Masas\nCVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa\n\nSafari Safe Browsing\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Navigating to the IP address of a known malicious website\nmay not trigger a security warning\nDescription:  Safari\u0027s Safe Browsing feature did not warn users when\nvisiting known malicious websites by their IP addresses. The issue\nwas addressed through improved malicious site detection. \nRahul M of TagsDoc\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious app may be able to intercept communication\nbetween apps\nDescription:  An issue existed that allowed a malicious app to\nintercept URL scheme communication between apps. This was mitigated\nby displaying a dialog when a URL scheme is used for the first time. \nCVE-ID\nCVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng\nWang of Indiana University, Luyi Xing of Indiana University, Tongxin\nLi of Peking University, Tongxin Li of Peking University, Xiaolong\nBai of Tsinghua University\n\nSiri\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription:  When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-5892 : Robert S Mozayeni, Joshua Donvito\n\nSpringBoard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device can reply to\nan audio message from the lock screen when message previews from the\nlock screen are disabled\nDescription:  A lock screen issue allowed users to reply to audio\nmessages when message previews were disabled. This issue was\naddressed through improved state management. \nCVE-ID\nCVE-2015-5861 : Daniel Miedema of Meridian Apps\n\nSpringBoard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to spoof another\napplication\u0027s dialog windows\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-ID\nCVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. \nLui\n\nSQLite\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-5895\n\ntidy\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in Tidy. This issues\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Object references may be leaked between isolated origins on\ncustom events, message events and pop state events\nDescription:  An object leak issue broke the isolation boundary\nbetween origins. This issue was addressed through improved isolation\nbetween origins. \nCVE-ID\nCVE-2015-5827 : Gildas\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to unintended dialing\nDescription:  An issue existed in handling of tel://, facetime://,\nand facetime-audio:// URLs. This issue was addressed through improved\nURL handling. \nCVE-ID\nCVE-2015-5820 : Andrei Neculaesei, Guillaume Ross\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  QuickType may learn the last character of a password in a\nfilled-in web form\nDescription:  An issue existed in WebKit\u0027s handling of password input\ncontext. This issue was addressed through improved input context\nhandling. \nCVE-ID\nCVE-2015-5906 : Louis Romero of Google Inc. \n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position may be able to\nredirect to a malicious domain\nDescription:  An issue existed in the handling of resource caches on\nsites with invalid certificates. The issue was addressed by rejecting\nthe application cache of domains with invalid certificates. \nCVE-ID\nCVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may exfiltrate data cross-origin\nDescription:  Safari allowed cross-origin stylesheets to be loaded\nwith non-CSS MIME types which could be used for cross-origin data\nexfiltration. This issue was addressed by limiting MIME types for\ncross-origin stylesheets. \nCVE-ID\nCVE-2015-5826 : filedescriptor, Chris Evans\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  The Performance API may allow a malicious website to leak\nbrowsing history, network activity, and mouse movements\nDescription:  WebKit\u0027s Performance API could have allowed a malicious\nwebsite to leak browsing history, network activity, and mouse\nmovements by measuring time. This issue was addressed by limiting\ntime resolution. \nCVE-ID\nCVE-2015-5825 : Yossi Oren et al. of Columbia University\u0027s Network\nSecurity Lab\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription:  An issue existed with Content-Disposition headers\ncontaining type attachment. This issue was addressed by disallowing\nsome functionality for type attachment pages. \nCVE-ID\nCVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat\nResearch Team, Daoyuan Wu of Singapore Management University, Rocky\nK. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz,\nsuperhei of www.knownsec.com\n\nWebKit Canvas\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may disclose image data from\nanother website\nDescription:  A cross-origin issue existed with \"canvas\" element\nimages in WebKit. This was addressed through improved tracking of\nsecurity origins. \nCVE-ID\nCVE-2015-5788 : Apple\n\nWebKit Page Loading\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  WebSockets may bypass mixed content policy enforcement\nDescription:  An insufficient policy enforcement issue allowed\nWebSockets to load mixed content. This issue was addressed by\nextending mixed content policy enforcement to WebSockets. \nKevin G Jones of Higher Logic\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU\n+bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG\nUYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2\n3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM\nRgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28\nHk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+\n0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD\nWrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA\naW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS\n81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST\nyq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT\nrHWi1bvzskkrxRfuQ4mX\n=MnPh\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0715-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0715.html\nIssue date:        2015-03-23\nCVE Names:         CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 \n                   CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 \n                   CVE-2015-0293 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had both\nthe SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause an\napplication using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain\nASN.1 structures. An attacker able to make an application using OpenSSL\nverify, decrypt, or parse a specially crafted PKCS#7 input could cause that\napplication to crash. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,\nand CVE-2015-0293. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0209\nhttps://access.redhat.com/security/cve/CVE-2015-0286\nhttps://access.redhat.com/security/cve/CVE-2015-0287\nhttps://access.redhat.com/security/cve/CVE-2015-0288\nhttps://access.redhat.com/security/cve/CVE-2015-0289\nhttps://access.redhat.com/security/cve/CVE-2015-0292\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150319.txt\nhttps://access.redhat.com/articles/1384453\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX\nz2xamw9PEJVbuKTXaQeLRmQ=\n=ZkF+\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)\n   o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)\n   o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)\n   o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)\n   o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)\n   o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)\n   o Removed the export ciphers from the DEFAULT ciphers\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7  openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb  openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf  openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514  openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438  openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471  openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df  openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65  openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674  openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df  openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429  openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d  openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643  openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de  openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc  openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139  openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c  openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3  openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738  openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d  openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66  a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0  n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650  a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7  n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A process may gain admin privileges without proper\nauthentication\nDescription:  An issue existed when checking XPC entitlements. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A non-admin user may obtain admin rights\nDescription:  An issue existed in the handling of user\nauthentication. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may abuse Directory Utility to gain root\nprivileges\nDescription:  Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription:  The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may induce memory corruption to\nescalate privileges\nDescription:  A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription:  Multiple buffer overflow issues existed in the Intel\ngraphics driver. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription:  An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription:  Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription:  A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "BID",
        "id": "73225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131308"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133616"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130982"
      },
      {
        "db": "PACKETSTORM",
        "id": "131086"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0286",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "73225",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10680",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032917",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031929",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10110",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU99970459",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95877131",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131308",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130933",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133616",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130982",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131585",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "BID",
        "id": "73225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131308"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133616"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130982"
      },
      {
        "db": "PACKETSTORM",
        "id": "131086"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "id": "VAR-201503-0055",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22222222
  },
  "last_update_date": "2024-07-23T19:31:48.325000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-16-1 iOS 9",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204942"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205212",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205212"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204942"
      },
      {
        "title": "HT205212",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205212"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl"
      },
      {
        "title": "HPSBGN03306 SSRT102007",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04626468"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html"
      },
      {
        "title": "NV15-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html"
      },
      {
        "title": "Fix ASN1_TYPE_cmp",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
      },
      {
        "title": "Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "Bug 1202366",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
      },
      {
        "title": "OpenSSL Updates of 19 March 2015",
        "trust": 0.8,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "title": "RHSA-2015:0715",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "title": "RHSA-2015:0716",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "title": "RHSA-2015:0752",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "title": "SA92",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01545.html"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html"
      },
      {
        "title": "Red Hat: CVE-2015-0286",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0286"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2537-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-498",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-498"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0286 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-17",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/73225"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3197"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2537-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031929"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205212"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032917"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99970459/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0286"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/37"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/137"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/134"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/136"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21961293"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://networks.unify.com/security/advisories/obso-1512-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005341"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964676"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701238"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701054"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957922"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21701086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903269"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098141"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098564"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098563"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098568"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883221"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883222"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713653"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0288"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0292"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0293"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/17.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2537-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?product"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5765"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5802"
      },
      {
        "trust": 0.1,
        "url": "https://www.knownsec.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5795"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5794"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5522"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205"
      },
      {
        "trust": 0.1,
        "url": "https://www.safeye.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5793"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5764"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5792"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "BID",
        "id": "73225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131308"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133616"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130982"
      },
      {
        "db": "PACKETSTORM",
        "id": "131086"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "db": "BID",
        "id": "73225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131308"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "133616"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130982"
      },
      {
        "db": "PACKETSTORM",
        "id": "131086"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "date": "2015-03-19T00:00:00",
        "db": "BID",
        "id": "73225"
      },
      {
        "date": "2015-03-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-04-07T15:56:20",
        "db": "PACKETSTORM",
        "id": "131308"
      },
      {
        "date": "2015-03-20T05:46:26",
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2015-09-19T15:18:18",
        "db": "PACKETSTORM",
        "id": "133616"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-03-24T17:03:13",
        "db": "PACKETSTORM",
        "id": "130982"
      },
      {
        "date": "2015-03-30T21:19:09",
        "db": "PACKETSTORM",
        "id": "131086"
      },
      {
        "date": "2015-04-22T20:14:53",
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "date": "2015-07-01T05:31:53",
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "date": "2015-03-19T22:59:04.677000",
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0286"
      },
      {
        "date": "2017-05-02T03:08:00",
        "db": "BID",
        "id": "73225"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      },
      {
        "date": "2023-11-07T02:23:23.180000",
        "db": "NVD",
        "id": "CVE-2015-0286"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "73225"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/asn1/a_type.c of  ASN1_TYPE_cmp Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001881"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "73225"
      }
    ],
    "trust": 0.3
  }
}

var-201501-0338
Vulnerability from variot

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 2.1.1 security update Advisory ID: RHSA-2016:1650-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html Issue date: 2016-08-22 CVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 =====================================================================

  1. Summary:

An update is now available for Red Hat JBoss Web Server.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes.

Security Fix(es):

  • It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)

  • It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

  1. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

The References section of this erratum contains a download link (you must log in to download the update).

Refer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a list of non security related fixes.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0] 1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0] 1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header 1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.1 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html https://access.redhat.com/site/documentation/ https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html https://access.redhat.com/security/vulnerabilities/httpoxy

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC VkvGRKSu76E7WPtB8TOdqyw= =7UQL -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.

A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206).

When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204).

An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).

OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).

The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt

Updated Packages:

Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.

HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:

- HP SSL for OpenVMS website:

  http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

- HP Support Center website:

  https://h20566.www2.hp.com/portal/site/hpsc/patch/home

  Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019 Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.

References:

CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:

ftp://sl098ze:Secure12@h2.usa.hp.com

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

HP-UX Release HP-UX OpenSSL depot name

B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot

B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08ze or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0338",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jre 1.7.0 17",
        "scope": null,
        "trust": 1.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v4 to  v5.1"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/faq navigator"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/web questionnaire"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver6.0 to  ver8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "security risk management  v1.0.2 to  v2.1.4"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "a series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "d series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "e series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "m series  (nas including options )"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "s series"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "jobcenter cl/web r13.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "jobcenter cl/web r13.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "jdk 1.7.0 17",
        "scope": null,
        "trust": 1.5,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 13",
        "scope": null,
        "trust": 1.5,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 43",
        "scope": null,
        "trust": 1.5,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 39",
        "scope": null,
        "trust": 1.5,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0:update 65",
        "scope": null,
        "trust": 1.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "oracle",
        "version": "1.7.072"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "oracle",
        "version": "1.8.025"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "oracle",
        "version": "1.6.085"
      },
      {
        "model": "jdk 1.6.0 43",
        "scope": null,
        "trust": 1.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 45",
        "scope": null,
        "trust": 1.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 38",
        "scope": null,
        "trust": 1.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "oracle",
        "version": "1.6.085"
      },
      {
        "model": "jre 1.7.0 13",
        "scope": null,
        "trust": 1.2,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "oracle",
        "version": "1.8.025"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zc"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "jre 17",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.6.0 31",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 8",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 21",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 32",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.081"
      },
      {
        "model": "jre 1.5.0 39",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 16",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.6.0 65",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.5.0 55",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.6.0 41",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0:update 75",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0:update 60",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 61",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.6.0 03",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 2",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 1.5.0:update 65",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 45",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.6.0 41",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.081"
      },
      {
        "model": "jre 1.5.0 11",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0:update 75",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.840"
      },
      {
        "model": "jre 1.6.0 39",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.6.0 23",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 60",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 51",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 35",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.5.0 32",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.072"
      },
      {
        "model": "jdk 1.7.0 45",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.691"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.5.0 55",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.8.0:update 5",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 29",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 28",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 11",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.5.0 17",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.8.0:update 5",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 27",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 60",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 03",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 4",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.776"
      },
      {
        "model": "jdk 01",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.6.0 28",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 26",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 10",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 14",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 10",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 45",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 15",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.7.0 21",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 71",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.5.0 23",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 1.5.0 26",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 61",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 29",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.581"
      },
      {
        "model": "jdk 1.5.0 31",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 16",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0 20",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0 30",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 18",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.5.071"
      },
      {
        "model": "jdk 0 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0 10",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 24",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 41",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 27",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0 33",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.581"
      },
      {
        "model": "jre 1.5.0 14",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0 24",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.7.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 32",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 2",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 24",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.5.0 41",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 28",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 13",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 15",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.5.075"
      },
      {
        "model": "jre 1.7.0 9",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 21",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.6.0 18",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 22",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 32",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 31",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.7.0 8",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 21",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.7.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 38",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 37",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 27",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 15",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.840"
      },
      {
        "model": "jre 1.6.0 02",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0 28",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 30",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 45",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 51",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.5.075"
      },
      {
        "model": "jre 15",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 17",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 1.5.0 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 71",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 51",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.020"
      },
      {
        "model": "jre 1.5.0 26",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.7.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 26",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 30",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.7.0 15",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.5.0 39",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 14",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 17",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 18",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7"
      },
      {
        "model": "jre 1.6.0 30",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 02",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.7.0 11",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 01",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 07",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.691"
      },
      {
        "model": "jre 1.5.0 13",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 22",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0 35",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.5.0 45",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 23",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 65",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 20",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.5.0 51",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 27",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0:update 60",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.067"
      },
      {
        "model": "jdk 1.7.0 12",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jdk 1.5.0 38",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.7.0 11",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.5.071"
      },
      {
        "model": "jdk 1.7.0 4",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 19",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.067"
      },
      {
        "model": "jdk 1.5.0 20",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.5.0 23",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 22",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.776"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.020"
      },
      {
        "model": "jre 1.6.0 25",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.5.0 40",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.7.0 9",
        "scope": null,
        "trust": 0.9,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk 1.6.0 18",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 19",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 14",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0 33",
        "scope": null,
        "trust": 0.9,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 22",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "research in motion rim",
        "version": null
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator v3.1.0.x to  v4.1.0.x"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "sparc enterprise m3000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "cosminexus studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 5"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.5.1.1"
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6 update 21 and earlier"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2260"
      },
      {
        "model": "ucosminexus client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "sparc enterprise m4000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent versions"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver2.0 to  8.0"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0 update 81 and earlier"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.3.0.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.22 and earlier"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.0 update 33 and earlier"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(fujitsu m10-1/m10-4/m10-4s server )"
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 12.1.0.2"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base (hs15-019)"
      },
      {
        "model": "application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "sparc enterprise m5000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.7"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.6.1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sigmablade em card (n8405-019/019a/043) firmware  rev.14.02 before"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "cosminexus developer\u0027s kit for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 12.1.0.1"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "certd 10.0"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "cosminexus client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.3.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.4.0.0"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm all versions"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6 update 91 and earlier"
      },
      {
        "model": "ucosminexus operator",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.9"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0 update 81 and earlier"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "certd 8.0r3 (with db plugin  patch 2)"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "application server for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6 (hs15-018)"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "hp icewall federation agent",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "systemdirector enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "for java ( all models ) v5.1 to  v7.2"
      },
      {
        "model": "developer\u0027s kit for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "for plug-in"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "6 update 91 and earlier"
      },
      {
        "model": "sparc enterprise m9000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ne series  ver.002.05.00 later versions"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "light"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle mobile security suite mss 3.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm v8.5.4 before"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "ix2000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent versions"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "jrockit",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "r28.3.5 and earlier"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1120"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6 update 21 and earlier"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 2.0.6.2"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "sparc enterprise m8000 server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.0 update 33 and earlier"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.1"
      },
      {
        "model": "jdk 01-b06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "jre 1.5.0.0 09",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.8"
      },
      {
        "model": "jdk .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.5.0.0 08",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jdk .0 03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 1.6.0 38",
        "scope": null,
        "trust": 0.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jre 1.6.0 2",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "jdk 07-b03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jdk 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0.0 08",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 12",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 34",
        "scope": null,
        "trust": 0.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.8"
      },
      {
        "model": "jdk 1.5.0.0 09",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 11",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 11-b03",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "jre 1.5.0.0 07",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk 1.6.0 01",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jre 1.6.0 20",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.1"
      },
      {
        "model": "bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.0"
      },
      {
        "model": "bbm protected on blackberry",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.1.1767"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "bbm on blackberry os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.1.1767"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.039"
      },
      {
        "model": "jdk update17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.17"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22025850"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.22"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.28"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "websphere real time sr8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "jdk update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.306"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.055"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.42"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.025"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.1.0.0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "prime security manager 04.8 qa08",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rational automation framework ifix5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "sametime community server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.04"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0-68"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355041980"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.47"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "cloud manager interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.12"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "sterling control center ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.21"
      },
      {
        "model": "java sdk sr16-fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "java sdk sr4-fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "websphere real time sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.00"
      },
      {
        "model": "tivoli asset discovery for distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2.0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.039"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.43"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "notes fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.35"
      },
      {
        "model": "license metric tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.8.06"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.04"
      },
      {
        "model": "sterling connect:direct browser user interface ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.208"
      },
      {
        "model": "jre update22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.220"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.15"
      },
      {
        "model": "chassis management module 2pet12g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "java sdk ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "system management homepage c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4(7.26)"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.0.10"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.043"
      },
      {
        "model": "tivoli network performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.121"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.1.1779"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.35"
      },
      {
        "model": "jre update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.3"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.3"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.39"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "flashsystem 9848-ac2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90000"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "sterling connect:direct browser ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.11.03"
      },
      {
        "model": "work space manager for bes10/bes12 23584 14",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "jdk update26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.260"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.22"
      },
      {
        "model": "tivoli network performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "link for mac os (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.1.139)"
      },
      {
        "model": "websphere dashboard framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "jdk 1.5.0 11",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.036"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.1"
      },
      {
        "model": "chassis management module 2pet10e",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "workcentre 3025ni",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3.50.01.10"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0-95"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.180"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571480"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.16"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.17"
      },
      {
        "model": "java sdk sr16-fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.5"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "chassis management module 2pet10p",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "jdk 1.5.0.0 06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.7"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "chassis management module 2peo12r",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.3"
      },
      {
        "model": "control center ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "java sdk 6r1 sr8-fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "netezza platform software 7.1.0.4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.6.1"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.0.1"
      },
      {
        "model": "tivoli storage manager client management services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.200"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "32253.50.01.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "java sdk sr16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "multi-enterprise integration gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "bbm meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "100"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "java sdk sr16-fp10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "tivoli access manager for e-business",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "wag310g residential gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.8"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "sterling control center ifix02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.10"
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.7"
      },
      {
        "model": "tivoli storage manager operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "link for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.2.1.31"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "agent desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.13"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.1"
      },
      {
        "model": "chassis management module 2pet12r",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chassis management module 2pet10b",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "java sdk sr7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "chassis management module 2peo12o",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.038"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "system management homepage a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11.197"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.3"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.3"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.365"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "java sdk sr16-fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "java sdk sr12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "java sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "tape subsystems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.018"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73210"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.019"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.15"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.11"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.51"
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.01"
      },
      {
        "model": "flashsystem 9846-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90000"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "secure work space for bes10/bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.1.0.150361"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.1"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "notes fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1.1"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "7.0"
      },
      {
        "model": "commoncryptolib",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "0"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "jdk 1.5.0 11-b03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bes10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.3"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.3"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "jdk update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "domino fix pack if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.133"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage 7.3.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "phaser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "30203.50.01.10"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.32"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.1.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "bbm protected on ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.13"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "rational build utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "cms r16.3 r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079470"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.16"
      },
      {
        "model": "infosphere information analyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.01"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.032"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "5.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "tivoli netcool configuration manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "ctpos 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "jre update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "jre update15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.19"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.590"
      },
      {
        "model": "java",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.600"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.3"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.50"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24078630"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "workcentre r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6400061.070.105.25200"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "model": "network node manager ispi for ip telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87310"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.5"
      },
      {
        "model": "system m4 hdtype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054600"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere service registry and repository studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "java sdk sr fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7910"
      },
      {
        "model": "mobile security suite mss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "jre 1.5.0 08",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.5"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.01"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "jdk update33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.21"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.13"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.03"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.15"
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087180"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.045"
      },
      {
        "model": "jre update10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "websphere real time sr9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "domino fix pack interim f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.12"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.52"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "jdk update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.03"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.37"
      },
      {
        "model": "jre update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.01"
      },
      {
        "model": "jdk update10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "infosphere optim data masking solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "java sdk sr16-fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "link for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.2.0.28"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0.9"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x73230"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "domino fp if4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.36"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "jre update13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.6"
      },
      {
        "model": "workcentre spar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "355025.003.33.000"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.37"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2(3.1)"
      },
      {
        "model": "netezza platform software 7.1.0.5-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "jdk update21",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.18"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.5"
      },
      {
        "model": "tivoli composite application manager for soa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "db2 query management facility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "network node manager i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x57145"
      },
      {
        "model": "java sdk sr5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.00"
      },
      {
        "model": "vds service broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.60"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.041"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "jdk update25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "chassis management module 2pet12h",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xiv storage system gen3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.2.0"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "control center ifix02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bbm protected on ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.7.0.32"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli storage manager operations center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.2.200"
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "jdk update27",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.43"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.24"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.04"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jdk update15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "network node manager ispi performance for qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.122"
      },
      {
        "model": "tivoli provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.027"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "chassis management module 2pet12d",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571460"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.025"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x44079170"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "work browser for bes10/bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.1.17483.17"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.8.05"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.0"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "rational agent controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3.3"
      },
      {
        "model": "tivoli asset management for it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.0"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.18"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.4"
      },
      {
        "model": "network node manager ispi performance for metrics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "jdk update25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.250"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.21"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.4"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "websphere mq mqipt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.033"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "mq light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "cognos tm1 fp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "jdk 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "model": "cms r16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.43"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.11"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "bbm protected on android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "domino interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.03"
      },
      {
        "model": "db2 recovery expert for linux unix and windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "domino fix pack interim f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.15"
      },
      {
        "model": "mashup center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.7"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "netezza platform software 7.0.2.16-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "jdk update9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.043"
      },
      {
        "model": "jre update26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.260"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.060"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.411"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.2.2"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6.0"
      },
      {
        "model": "db2 recovery expert for linux unix and windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "6.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "java sdk sr14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.2"
      },
      {
        "model": "link for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.2.1.16"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "tivoli network performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087380"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.41"
      },
      {
        "model": "network node manager ispi for ip multicast qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "domino fp if3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.24"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.10"
      },
      {
        "model": "websphere process server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.2"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "jre update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "cognos tm1 fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.238"
      },
      {
        "model": "ns oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.036"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.11"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "systems insight manager sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "work connect for bes10/bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.0.17483.21"
      },
      {
        "model": "jdk update24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.051"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "domino if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.06"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.29"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "jre update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.50"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blend for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "java sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.15"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.195"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.034"
      },
      {
        "model": "java sdk sr16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "xiv storage system gen3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1.0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "web experience factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "work space manager for bes10/bes12 24755 137",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.13"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.3.3"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "operations analytics predictive insights",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "infosphere global name management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "jdk 1.5.0.0 04",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "network node manager ispi performance for qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "jdk update28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.280"
      },
      {
        "model": "domino fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.36"
      },
      {
        "model": "secure work space for bes10/bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.1.0.150360"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.7"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "tivoli asset management for it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.010"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.038"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2"
      },
      {
        "model": "websphere service registry and repository studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073800"
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.11"
      },
      {
        "model": "jdk update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.9"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.00"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.04"
      },
      {
        "model": "network node manager ispi performance for metrics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "phaser",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36001.70.03.06"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "jre update11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "network node manager ispi performance for qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "system idataplex dx360 m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63910"
      },
      {
        "model": "infosphere master data management server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.6"
      },
      {
        "model": "jre update27",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "jre update17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "jdk update27",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.270"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.303"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.56"
      },
      {
        "model": "chassis management module 2pet10h",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(0.625)"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88079030"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "tivoli asset discovery for distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.19"
      },
      {
        "model": "network node manager ispi performance for metrics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "tivoli asset management for it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.12"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.25"
      },
      {
        "model": "blend for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "100"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.013"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "java sdk 6r1 sr8-fp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "sterling control center ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.41"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.3"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "jdk 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "32153.50.01.10"
      },
      {
        "model": "websphere appliance management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22279160"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "jdk update31",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.11"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "3.6"
      },
      {
        "model": "flashsystem 9846-ac2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90000"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "chassis management module 2pet12i",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2.1"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.2"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.366"
      },
      {
        "model": "jdk update13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "chassis management module 2pet10m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "tivoli system automation for integrated operations management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.032"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.45"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "jdk update19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "chassis management module 2pete5o",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9848-ac2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90007.5.1.0"
      },
      {
        "model": "communications session border controller scz7.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "rational developer for aix and cobol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.21"
      },
      {
        "model": "multi-enterprise integration gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.66"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079440"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.32"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "websphere real time sr7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2"
      },
      {
        "model": "jdk update30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.300"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571430"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "tivoli storage manager operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.07"
      },
      {
        "model": "bbm on blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "100"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.051"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "bes12 client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.0.0.70"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.14"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.37"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.045"
      },
      {
        "model": "work space manager for bes10/bes12 24144 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "java sdk sr16-fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.14"
      },
      {
        "model": "sametime community server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.303"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "content collector for sap applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.024"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.20"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0.1"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.23"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.02"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "flashsystem 9848-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90000"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.038"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "chassis management module 2pet12f",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.040"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.10"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "bbm protected on android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.7.0.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.11"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "work space manager for bes10/bes12 25374 241",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.041"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.029"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "websphere real time",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "java sdk r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "java sdk 7r1 sr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "network node manager ispi for ip multicast qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.9"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "websphere process server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363073770"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "cics transaction gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.11"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linux enterprise module for legacy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "infosphere identity insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.21"
      },
      {
        "model": "flashsystem 9846-ae2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90007.5.1.0"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "web experience factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "tivoli netcool configuration manager if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.6003"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.027"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.022"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sterling connect:direct browser ifix10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.124"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational agent controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling control center ifix04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.2.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.6.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "java sdk sr16-fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054540"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "jdk update17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "ctpos 6.6r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.13"
      },
      {
        "model": "websphere real time sr fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3810"
      },
      {
        "model": "domino if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.07"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "tivoli asset management for it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "rational developer for aix and cobol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "workcentre 3025bi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "3.50.01.10"
      },
      {
        "model": "sterling connect:direct browser ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.212"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.033"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sterling control center ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.1.0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "jre 1.6.0 31",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.021"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "jdk 0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "java sdk sr9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "jdk update20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "db2 query management facility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "bbm on ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.302"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "cics transaction gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.10"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "network node manager ispi performance for qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "blend for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "rational build utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "chassis management module 2peo12i",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "notes fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.36"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "lotus quickr for websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.060"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "chassis management module 2pet10c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.02"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "chassis management module 2pet10f",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli network performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3"
      },
      {
        "model": "sterling control center ifix02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.34"
      },
      {
        "model": "jdk update21",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.10"
      },
      {
        "model": "rational developer for aix and cobol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "java sdk sr13-fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355042540"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "network node manager ispi performance for metrics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.029"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.6"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.5"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.2"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.7"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5.2"
      },
      {
        "model": "blend for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.10"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.06"
      },
      {
        "model": "tivoli monitoring fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.5"
      },
      {
        "model": "websphere process server hypervisor edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "phaser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "30523.50.01.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "work space manager for bes10/bes12 24651 124",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.28"
      },
      {
        "model": "xiv storage system gen3 a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.030"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1.11"
      },
      {
        "model": "java sdk sr13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.209"
      },
      {
        "model": "jre 1.5.0 09-b03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.41"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "tivoli storage manager for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0.4"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.051"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bbm on windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.0.0.25"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.42"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "jre update30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.300"
      },
      {
        "model": "java sdk 7r1 sr1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.10"
      },
      {
        "model": "link for mac os (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.0.16)"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.13"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.034"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.27"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.7"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server community edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.4"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jre update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "tivoli system automation for integrated operations management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "app for stream",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "rational sap connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.8"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.035"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.6"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.1"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(5.106)"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "jdk update11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "java sdk sr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.42"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.3"
      },
      {
        "model": "work space manager for bes10/bes12 23853 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "java",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.480"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.026"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "tivoli netcool configuration manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.2"
      },
      {
        "model": "work space manager for bes10/bes12 25616 10",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "operations analytics predictive insights",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.33"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "network node manager i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.20"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2.2"
      },
      {
        "model": "workcentre spar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "35500"
      },
      {
        "model": "os image for aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "application policy infrastructure controller 1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.31"
      },
      {
        "model": "tivoli monitoring fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.24"
      },
      {
        "model": "web experience factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.18"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365042550"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0-103"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.2"
      },
      {
        "model": "java sdk sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.040"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.31"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ace30 application control engine module 3.0 a5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.012"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.3"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "bbm meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.9"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.065"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.214"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.11"
      },
      {
        "model": "tivoli storage manager operations center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.200"
      },
      {
        "model": "network node manager ispi for ip telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.305"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.5"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.45"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.037"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli storage manager client management services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "bbm meetings for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.17"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "jdk update22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.220"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.12"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571470"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24087370"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.31"
      },
      {
        "model": "content collector for sap applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "db2 developer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.0.10"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.8"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365041990"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.11"
      },
      {
        "model": "network node manager ispi for net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87340"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.041"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "domino fix pack interim f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.24"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.12"
      },
      {
        "model": "secure work space for bes10/bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.1.0.150359"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.015"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.180"
      },
      {
        "model": "network node manager i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.045"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.16"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.22"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "integrated management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.47"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "domino interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.06"
      },
      {
        "model": "websphere process server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.15"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.051"
      },
      {
        "model": "java sdk sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "java sdk sr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "websphere real time sr7 fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bbm meetings for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "business process manager advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "bes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "50"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0"
      },
      {
        "model": "system m4 bd type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365054660"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "jre update28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "iptv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.11"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "jdk update13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "web security appliance 9.0.0 -fcs",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "work space manager for bes10/bes12 24998 176",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "bes12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.1"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "model": "sterling control center ifix04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.0.1"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "link for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.0.1.12"
      },
      {
        "model": "jdk update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.3"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.024"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jdk update23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.045"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.03"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.5"
      },
      {
        "model": "java sdk 7r1 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571490"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.3.6"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jre 1.6.0 33",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.038"
      },
      {
        "model": "db2 purescale feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.040"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "network node manager ispi performance for traffic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.029"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network node manager ispi for mpls vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "chassis management module 2pete6l",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.11"
      },
      {
        "model": "integrated management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.12"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.1.1154"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "mobile wireless transport manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "java",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.85"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "infosphere master data management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "chassis management module 2peo12p",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.16"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.05"
      },
      {
        "model": "bes12 client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.0.0.74"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.023"
      },
      {
        "model": "jre update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "flashcopy manager for db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.41"
      },
      {
        "model": "lotus widget factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "tivoli access manager for e-business",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "cics transaction gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "jdk 0 09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5"
      },
      {
        "model": "network node manager ispi for ip telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.470"
      },
      {
        "model": "java sdk sr16-fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0-12"
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.13"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.022"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.021"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.11"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.29"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "bbm meetings for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "java sdk 6r1 sr8-fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "websphere real time sr5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "sterling control center ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.2.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "domino fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.36"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network node manager ispi for ip telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "jdk update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "websphere real time sr8 fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "rational agent controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.06"
      },
      {
        "model": "flashsystem 9846-ac2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90007.5.1.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.07"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.11"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "network node manager ispi for net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "sterling connect:direct browser ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.213"
      },
      {
        "model": "jdk update25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "phaser 3300mfp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "20.105.52.000"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.6"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "os image for red hat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.0"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.4"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.160"
      },
      {
        "model": "jre update28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.280"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.51"
      },
      {
        "model": "jdk 1.6.0 01-b06",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "blend for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571910"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.017"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "b2b advanced communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.32"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "004.000(1233)"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.10"
      },
      {
        "model": "jdk 1.5.0.0 03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "network node manager ispi for net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.1"
      },
      {
        "model": "chassis management module 2pet10i",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.16"
      },
      {
        "model": "jre update33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "bes12 client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "12.0.0.69"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "link for mac os (build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.1.135)"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.27"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571450"
      },
      {
        "model": "network node manager i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "java sdk sr11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "java sdk sr15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "jdk update18",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "mashup center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.5"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "domino fix pack if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.367"
      },
      {
        "model": "jre update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.12"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.20"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.031"
      },
      {
        "model": "rational developer for aix and cobol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.030"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "websphere service registry and repository studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.17"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.4"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.019"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "jre 1.6.0 37",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bbm on android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.7.0.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "netezza platform software 7.0.4.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "network node manager ispi performance for traffic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.19"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "network node manager ispi for mpls vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.2"
      },
      {
        "model": "link for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.2.3.48"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "flashsystem 9848-ae2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90007.5.1.0"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.410"
      },
      {
        "model": "phaser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "32603.50.01.11"
      },
      {
        "model": "bbm protected on blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "phaser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36000"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.1"
      },
      {
        "model": "cms r16.3 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "flex system manager node types",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79550"
      },
      {
        "model": "app for netapp data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "notes fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "infosphere master data management server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.035"
      },
      {
        "model": "network node manager ispi performance for traffic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.25"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "network node manager ispi for mpls vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.039"
      },
      {
        "model": "websphere process server hypervisor edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "model": "license metric tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.3"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "java sdk sr8-fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.13"
      },
      {
        "model": "cognos planning interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.12"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.026"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.4"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.12"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "jre update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.60"
      },
      {
        "model": "tivoli access manager for e-business",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "java sdk sr4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.0.2.15-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.055"
      },
      {
        "model": "chassis management module 2pet12k",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.014"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "model": "notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0"
      },
      {
        "model": "system m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079450"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "websphere process server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.4"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.4"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.040"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.011"
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "jdk update14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "chassis management module 2pet10d",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "infosphere identity insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "websphere lombardi edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2.3"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x22079060"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.039"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "physical access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x88042590"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chassis management module 2pet10k",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "idataplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79790"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "jdk update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.23"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "dataquant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.8.06"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.44"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere real time sr6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5.0"
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "b2b advanced communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0.2"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "websphere mq for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "websphere real time sr4-fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "chassis management module 2pet10g",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "jre update21",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.6"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.11"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.9"
      },
      {
        "model": "bbm on windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.0.0.24"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.11"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.08"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.037"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.8"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "chassis management module 2pet12p",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "tivoli monitoring fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.205"
      },
      {
        "model": "jre update32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.320"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.3"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "cics transaction gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.170"
      },
      {
        "model": "chassis management module 2pet12o",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.18"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.041"
      },
      {
        "model": "java sdk sr16-fp4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "work space manager for bes10/bes12 23819 44",
        "scope": null,
        "trust": 0.3,
        "vendor": "blackberry",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.12"
      },
      {
        "model": "flashcopy manager for oracle with sap environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "sterling connect:direct browser ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.11.04"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "storediq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "sterling connect:direct browser user interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.11"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "jre 1.5.0 09",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "jre update25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "netezza platform software 7.0.4.8-p3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.10"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.010"
      },
      {
        "model": "network node manager ispi for ip multicast qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational collaborative lifecycle management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "systems insight manager update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.31"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.6"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rational engineering lifecycle manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "tririga for energy optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571430"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.1"
      },
      {
        "model": "network node manager ispi for net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.141"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.12"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.4"
      },
      {
        "model": "notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.2"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5.045"
      },
      {
        "model": "system idataplex dx360 m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x63800"
      },
      {
        "model": "java",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.205"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "content collector for sap applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:direct browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "websphere service registry and repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "security appscan standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "domino fix pack interim f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.36"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.6.1.3"
      },
      {
        "model": "jdk update16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.123"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "jdk update26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "websphere process server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079460"
      },
      {
        "model": "idataplex dx360 m4 water cooled type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79180"
      },
      {
        "model": "chassis management module 2pet12e",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.153"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.020"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571920"
      },
      {
        "model": "java sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "tivoli netcool configuration manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.6"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.023"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.15"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "java sdk sr16-fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.33"
      },
      {
        "model": "rational application developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.2"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.14"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.05"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "domino fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.35"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "bbm on ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "2.7.0.32"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.12"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.13"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.0.1052"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jdk update29",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.0.180"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "jre update9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "bbm protected on blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "100"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "chassis management module 2pet10q",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "websphere real time sr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "39"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.3"
      },
      {
        "model": "web experience factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "websphere service registry and repository studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "network node manager ispi performance for traffic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.09"
      },
      {
        "model": "network node manager ispi for mpls vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "flex system compute node type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x24089560"
      },
      {
        "model": "java sdk sr8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.75"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.2"
      },
      {
        "model": "tivoli asset management for it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "rational rhapsody design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli storage flashcopy manager for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "data ontap operating in 7-mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "java sdk sr10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(4.29)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "java sdk sr4-fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.6"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.34"
      },
      {
        "model": "chassis management module 2peo12e",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "jre update9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.90"
      },
      {
        "model": "websphere service registry and repository studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational requirements composer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "java sdk 7r1 sr2-fp10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.4"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.00"
      },
      {
        "model": "web experience factory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.152"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "sterling control center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.4.2.1"
      },
      {
        "model": "rational developer for power systems software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cognos insight standard edition fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.24"
      },
      {
        "model": "java sdk sr13-fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.14"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.6.016"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "jdk 1.5.0 07-b03",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "flashcopy manager for unix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "java sdk 6r1 sr8",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mq light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "maximo asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "universal device service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.6.031"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.18"
      },
      {
        "model": "xiv storage system gen2 10.2.4.e-6",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.35"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "domino fp if",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.242"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "network node manager ispi for ip multicast qa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.5"
      },
      {
        "model": "chassis management module 2pet10a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "rational business developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "model": "domino fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.13"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.12"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational developer for aix and cobol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "system m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350078390"
      },
      {
        "model": "jdk update22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.1"
      },
      {
        "model": "jdk update15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "flashcopy manager for oracle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11"
      },
      {
        "model": "ios 15.5 s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "prime performance manager for sps ppm sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.6"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "jre update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.5.0.40"
      },
      {
        "model": "rational doors next generation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "rational software architect design manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blackberry",
        "version": "1010.3.0.1418"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.33"
      },
      {
        "model": "flashcopy manager for custom applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.34"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.010"
      },
      {
        "model": "rational functional tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.12"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "BID",
        "id": "71936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2015-0204",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0204",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-001672",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0204",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2015-001672",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-171",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0204",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Web Server 2.1.1 security update\nAdvisory ID:       RHSA-2016:1650-01\nProduct:           Red Hat JBoss Web Server\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1650.html\nIssue date:        2016-08-22\nCVE Names:         CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 \n                   CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. \nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106. \n\n3. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a\nlist of non security related fixes. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]\n1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]\n1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header\n1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-5387\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.1\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html\nhttps://access.redhat.com/site/documentation/\nhttps://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC\nVkvGRKSu76E7WPtB8TOdqyw=\n=7UQL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n A memory leak can occur in the dtls1_buffer_record function under\n certain conditions. In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). \n \n When openssl is built with the no-ssl3 option and a SSL v3 ClientHello\n is received the ssl method would be set to NULL which could later\n result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). \n \n An OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate\u0026#039;s fingerprint. This does not allow an attacker to\n forge certificates, and does not affect certificate verification or\n OpenSSL servers/clients in any other way. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154  mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e  mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c  mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2  mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32  mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n  HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n    - HP SSL for OpenVMS website:\n\n      http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n    - HP Support Center website:\n\n      https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n      Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "BID",
        "id": "71936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "PACKETSTORM",
        "id": "131045"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      }
    ],
    "trust": 4.23
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0204",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#243585",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU99125992",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "71936",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10679",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10102",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10108",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10110",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1033378",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98974537",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95877131",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4252",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0204",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138473",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131408",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130545",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "BID",
        "id": "71936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "131045"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "id": "VAR-201501-0338",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4675421719999999
  },
  "last_update_date": "2024-07-23T19:53:23.981000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 1.6,
        "url": "http://jvn.jp/vu/jvnvu99125992/522154/index.html"
      },
      {
        "title": "NV15-016",
        "trust": 1.6,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html"
      },
      {
        "title": "[08 Jan 2015]",
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "3046015",
        "trust": 0.8,
        "url": "https://technet.microsoft.com/ja-jp/library/security/3046015"
      },
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204659"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "title": "Only allow ephemeral RSA keys in export ciphersuites.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
      },
      {
        "title": "HS15-018",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-018/index.html"
      },
      {
        "title": "HS15-019",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-019/index.html"
      },
      {
        "title": "HPSBGN03299 SSRT101987",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04604357"
      },
      {
        "title": "HPSBHF03289",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055"
      },
      {
        "title": "HPSBUX03244 SSRT101885",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853"
      },
      {
        "title": "1883640",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#98974537)",
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/522154/index.html"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#95877131)",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html"
      },
      {
        "title": "NV15-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html"
      },
      {
        "title": "NV15-017",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
      },
      {
        "title": "[19 Mar 2015] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Oracle Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "RHSA-2015:0800",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
      },
      {
        "title": "RHSA-2015:0849",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
      },
      {
        "title": "RHSA-2015:0066",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "CVE-2015-0204",
        "trust": 0.8,
        "url": "https://www.suse.com/security/cve/cve-2015-0204.html"
      },
      {
        "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01545.html"
      },
      {
        "title": "cisco-sa-20150310-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
      },
      {
        "title": "HS15-018",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-018/index.html"
      },
      {
        "title": "HS15-019",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-019/index.html"
      },
      {
        "title": "TLSA-2015-2",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
      },
      {
        "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20150327b.html"
      },
      {
        "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
        "trust": 0.8,
        "url": "http://www.fmworld.net/biz/common/oracle/20150416.html"
      },
      {
        "title": "openssl-1.0.0p",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190"
      },
      {
        "title": "openssl-0.9.8zd",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189"
      },
      {
        "title": "openssl-1.0.1k.tar.gz",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
      },
      {
        "title": "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150113-cve-2015-0204"
      },
      {
        "title": "Red Hat: CVE-2015-0204",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0204"
      },
      {
        "title": "Symantec Security Advisories: SA91 : FREAK Attack",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=fb8c9ab0a61ac1def90eef5ef6757895"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-469",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
      },
      {
        "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
      },
      {
        "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "FreakVulnChecker",
        "trust": 0.1,
        "url": "https://github.com/felmoltor/freakvulnchecker "
      },
      {
        "title": "Freak-Scanner",
        "trust": 0.1,
        "url": "https://github.com/scottjpack/freak-scanner "
      },
      {
        "title": "FREAK-Attack-CVE-2015-0204-Testing-Script",
        "trust": 0.1,
        "url": "https://github.com/abhishekghosh/freak-attack-cve-2015-0204-testing-script "
      },
      {
        "title": "stuff",
        "trust": 0.1,
        "url": "https://github.com/thekondrashov/stuff "
      },
      {
        "title": "non-controlflow-hijacking-datasets",
        "trust": 0.1,
        "url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
      },
      {
        "title": "scz_doc_copy",
        "trust": 0.1,
        "url": "https://github.com/topcaver/scz_doc_copy "
      },
      {
        "title": "checks",
        "trust": 0.1,
        "url": "https://github.com/cryptflow/checks "
      },
      {
        "title": "tls",
        "trust": 0.1,
        "url": "https://github.com/greyleonie/tls "
      },
      {
        "title": "JPN_RIC13351-2",
        "trust": 0.1,
        "url": "https://github.com/neominds/jpn_ric13351-2 "
      },
      {
        "title": "script_a2sv",
        "trust": 0.1,
        "url": "https://github.com/f4rm0x/script_a2sv "
      },
      {
        "title": "a2sv",
        "trust": 0.1,
        "url": "https://github.com/hahwul/a2sv "
      },
      {
        "title": "a2sv",
        "trust": 0.1,
        "url": "https://github.com/84kaliplexon3/a2sv "
      },
      {
        "title": "a2sv",
        "trust": 0.1,
        "url": "https://github.com/theripperjhon/a2sv "
      },
      {
        "title": "sslscanner",
        "trust": 0.1,
        "url": "https://github.com/fireorb/sslscanner "
      },
      {
        "title": "a2sv",
        "trust": 0.1,
        "url": "https://github.com/h4ck3rt3ch/a2sv "
      },
      {
        "title": "HTTPSScan",
        "trust": 0.1,
        "url": "https://github.com/alexoslabs/httpsscan "
      },
      {
        "title": "A2SV--SSL-VUL-Scan",
        "trust": 0.1,
        "url": "https://github.com/nyctophile6/a2sv--ssl-vul-scan "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.smacktls.com/#freak"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/vu/jvnvu99125992/index.html"
      },
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 1.4,
        "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/71936"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
      },
      {
        "trust": 1.1,
        "url": "http://support.novell.com/security/cve/cve-2015-0204.html"
      },
      {
        "trust": 1.1,
        "url": "https://freakattack.com/"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3125"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa88"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa91"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201503-11"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033378"
      },
      {
        "trust": 1.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
      },
      {
        "trust": 1.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/757.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2"
      },
      {
        "trust": 0.8,
        "url": "https://technet.microsoft.com/library/security/3046015.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/243585"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20150415-jre.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2015/at150010.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98974537/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0204"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanv8#announce1"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/160"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101011689"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903805"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960151"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960634"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963126"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21963526"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21964496"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21964610"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21964625"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964730"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
      },
      {
        "trust": 0.3,
        "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960515"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902710"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960815"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957999"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959525"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965448"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903747"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964850"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957855"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958902"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959575"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959252"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101008182"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101011698"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101011712"
      },
      {
        "trust": 0.3,
        "url": "https://service.sap.com/sap/support/notes/2163306"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903636"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903396"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967539"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903541"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903029"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957813"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965485"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964027"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903651"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958017"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903247"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903256"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903516"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961223"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903031"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965404"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962552"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958919"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958918"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957919"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962838"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960075"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902765"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902866"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959306"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903394"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964236"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902635"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700163"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700168"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanxd"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960460"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967709"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967962"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968485"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968869"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0204"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0066"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/felmoltor/freakvulnchecker"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37722"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2459-1/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/documentation/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "BID",
        "id": "71936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "131045"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "db": "BID",
        "id": "71936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "131045"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71936"
      },
      {
        "date": "2015-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "date": "2015-03-27T20:43:39",
        "db": "PACKETSTORM",
        "id": "131045"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2016-08-22T23:25:00",
        "db": "PACKETSTORM",
        "id": "138473"
      },
      {
        "date": "2015-08-26T01:33:18",
        "db": "PACKETSTORM",
        "id": "133317"
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "date": "2015-01-09T17:43:35",
        "db": "PACKETSTORM",
        "id": "129870"
      },
      {
        "date": "2015-04-14T18:54:44",
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-02-26T17:13:09",
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "date": "2015-01-09T02:59:10.287000",
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "date": "2018-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0204"
      },
      {
        "date": "2018-10-08T07:00:00",
        "db": "BID",
        "id": "71936"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001009"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      },
      {
        "date": "2018-07-19T01:29:01.700000",
        "db": "NVD",
        "id": "CVE-2015-0204"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131408"
      },
      {
        "db": "PACKETSTORM",
        "id": "130545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-171"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0596
Vulnerability from variot

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. Versions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================

  1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)

  • It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

  • An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)

  • A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

  • An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)

  • Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

  • An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.3.src.rpm

i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.7.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Severity: High

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.

OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_peek() hang on empty record (CVE-2016-6305)

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.

SWEET32 Mitigation (CVE-2016-2183)

Severity: Low

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.

OOB write in MDC2_Update() (CVE-2016-6303)

Severity: Low

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Malformed SHA512 ticket DoS (CVE-2016-6302)

Severity: Low

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.

The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB write in BN_bn2dec() (CVE-2016-2182)

Severity: Low

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Pointer arithmetic undefined behaviour (CVE-2016-2177)

Severity: Low

Avoid some undefined pointer arithmetic

A common idiom in the codebase is to check limits in the following manner: "p + len > limit"

Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS message).

The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.

For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Constant time flag not preserved in DSA signing (CVE-2016-2178)

Severity: Low

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.

DTLS replay protection DoS (CVE-2016-2181)

Severity: Low

A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.

Certificate message OOB reads (CVE-2016-6306)

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

Severity: Low

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect DTLS users.

OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity: Low

This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:

1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.

Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.

This issue does not affect TLS users.

OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "(linux edition )"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "sg3600 all series"
      },
      {
        "model": "ix1000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "12"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.2"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9.15.9.8"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.8.15.7.15"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.8"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.13"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.33"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.32"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.31"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.11"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.10"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.2.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.11"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl 1.0.1u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0x"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "project openssl 0.9.8zh",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8."
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment 5.1.fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.2"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rrdi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.3.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server multimedia platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on-premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell iuh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization quality management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager im \u0026 presence service (formerly c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs series and series fabric interconnects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "620063000"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8200"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103200"
      },
      {
        "model": "telepresence server and mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087100"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn gateway mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "tandberg codian isdn gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch identity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa525g 5-line ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart net total care local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "smart care",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business series managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services provisioning platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime infrastructure plug and play standalone gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "partner support service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "onepk all-in-one virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series blade switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "network performance analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance clean access server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "nac appliance clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mxe series media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber client framework components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip series phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "ip series phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security appliance update servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x0"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aironet series access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27000"
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "series stackable managed switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "series digital media players",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "series smart plus switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2200"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "13"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.28"
      },
      {
        "model": "oss support tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.15.17.3.14"
      },
      {
        "model": "project openssl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13150-13"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.5"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.23"
      },
      {
        "model": "powerkvm update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.3-6513"
      },
      {
        "model": "wireless lan controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1.30"
      },
      {
        "model": "webex meetings for windows phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82.8"
      },
      {
        "model": "webex meetings client on-premises t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings client hosted t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex centers t32",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtualization experience media edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.6"
      },
      {
        "model": "videoscape anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.7.2"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.9"
      },
      {
        "model": "video surveillance 4300e and 4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.9"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.9"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.9"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.003(002)"
      },
      {
        "model": "universal small cell iuh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell cloudbase factory recovery root filesystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.17.3"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.23"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.23"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified workforce optimization quality management solution 11.5 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified sip proxy software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10"
      },
      {
        "model": "unified meetingplace 8.6mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip conference phone for third-party call control 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip conference phone 10.3.1sr4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8831"
      },
      {
        "model": "unified ip phone 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "ucs standalone c-series rack server integrated management cont",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-3.0"
      },
      {
        "model": "ucs b-series blade servers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "uc integration for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "telepresence tx9000 series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system tx1310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "telepresence system ex series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system ex series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-376.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-326.1"
      },
      {
        "model": "telepresence system series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11006.1"
      },
      {
        "model": "telepresence system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10006.1"
      },
      {
        "model": "telepresence sx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence sx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8204.4"
      },
      {
        "model": "telepresence server on multiparty media and",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3103204.4"
      },
      {
        "model": "telepresence server and mse",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "701087104.4"
      },
      {
        "model": "telepresence profile series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence profile series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mx series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence mcu",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5(1.89)"
      },
      {
        "model": "telepresence integrator c series tc7.3.7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence integrator c series ce8.2.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa232d multi-line dect analog telephone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa122 analog telephone adapter with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "services provisioning platform sfp1.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.13"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.8"
      },
      {
        "model": "secure access control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.8.0.32.7"
      },
      {
        "model": "prime performance manager sp1611",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.7"
      },
      {
        "model": "prime network services controller 1.01u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.3.5"
      },
      {
        "model": "prime network registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "prime network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "431"
      },
      {
        "model": "prime infrastructure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.7"
      },
      {
        "model": "nexus series switches standalone nx-os mode 7.0 i5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-"
      },
      {
        "model": "nexus series fabric switches aci mode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.19"
      },
      {
        "model": "nexus series switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus series blade switches 4.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "network analysis module 6.2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "netflow generation appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.19"
      },
      {
        "model": "mds series multilayer switches 5.2.8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11"
      },
      {
        "model": "jabber for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for iphone and ipad",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "jabber client framework components",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.8"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.4"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.2"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.1"
      },
      {
        "model": "ios and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.5(3)"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "firesight system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.0.10"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x8.8.3"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.9"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0.1"
      },
      {
        "model": "edge digital media player 1.2rb1.0.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "340"
      },
      {
        "model": "edge digital media player 1.6rb5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "digital media manager 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media manager 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dcm series d9900 digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.140"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15.8.9"
      },
      {
        "model": "connected grid routers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.1"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.11"
      },
      {
        "model": "ata series analog terminal adaptors",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "asr series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500021.2"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(1)"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.4"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.7"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.4"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.3"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.2"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270016.1"
      },
      {
        "model": "aironet series access points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "270015.5(3)"
      },
      {
        "model": "industrial router 1.2.1rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "910"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "series digital media players 5.4.1 rb4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "series digital media players 5.3.6 rb3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2181",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2181",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2181",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2181",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-102",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2181",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nVersions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:1940-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date:        2016-09-27\nCVE Names:         CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n                   CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n                   CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n    https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/    \n\nCVE-2016-2178\n\n    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n    leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n    Quan Luo and the OCAP audit team discovered denial of service\n    vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n  Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n  Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n  Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2.  OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "BID",
        "id": "92982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2181",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "92982",
        "trust": 2.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10215",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036690",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-16",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-21",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-20",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40312",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98667810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138820",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "BID",
        "id": "92982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "id": "VAR-201609-0596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3797576935714285
  },
  "last_update_date": "2023-12-18T11:18:55.172000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160927-openssl",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "title": "1995039",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "title": "NV17-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Fix DTLS replay protection",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "title": "SA40312",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "title": "SA132",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "title": "TNS-2016-16",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63925"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2181"
      },
      {
        "title": "Red Hat: CVE-2016-2181",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2181"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-755",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16"
      },
      {
        "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2181 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-3087-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-3087-2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92982"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapue"
      },
      {
        "trust": 1.7,
        "url": "http://www.splunk.com/view/sp-caaapsv"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa132"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-16"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036690"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-21"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-20"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2017/jul/31"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3673"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.f5.com/csp/article/k59298921"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
      },
      {
        "trust": 0.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
      },
      {
        "trust": 0.9,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2181"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98667810/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2181"
      },
      {
        "trust": 0.8,
        "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2017"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369113"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc"
      },
      {
        "trust": 0.3,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/189.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48599"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3087-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2181"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1626883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "https://sweet32.info)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "BID",
        "id": "92982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "db": "BID",
        "id": "92982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "date": "2016-07-05T00:00:00",
        "db": "BID",
        "id": "92982"
      },
      {
        "date": "2016-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "date": "2016-09-27T19:32:00",
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "date": "2016-09-22T22:22:00",
        "db": "PACKETSTORM",
        "id": "138817"
      },
      {
        "date": "2016-09-22T22:25:00",
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "date": "2016-09-23T19:19:00",
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "date": "2016-09-22T12:12:12",
        "db": "PACKETSTORM",
        "id": "169633"
      },
      {
        "date": "2016-09-16T05:59:01.347000",
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2181"
      },
      {
        "date": "2018-02-05T14:00:00",
        "db": "BID",
        "id": "92982"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      },
      {
        "date": "2023-11-07T02:31:01.697000",
        "db": "NVD",
        "id": "CVE-2016-2181"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138870"
      },
      {
        "db": "PACKETSTORM",
        "id": "138820"
      },
      {
        "db": "PACKETSTORM",
        "id": "138826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  DTLS Service disruption in the anti-replay functionality of the implementation  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004779"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-102"
      }
    ],
    "trust": 0.6
  }
}

var-201410-1144
Vulnerability from variot

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL 3.0 Fallback protection

Severity: Medium

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 https://www.openssl.org/~bodo/ssl-poodle.pdf

Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.

Build option no-ssl3 is incomplete (CVE-2014-3568)

Severity: Low

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.

This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.

The fix was developed by Akamai and the OpenSSL team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1692-01 Product: Red Hat Storage Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html Issue date: 2014-10-22 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================

  1. Summary:

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Storage Server 2.1 - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Storage Server 2.1:

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-3513 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp RpfQCptdJIpd6WXO7pw1vVo= =T20t -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. 

This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree

subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251

Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "7.0".

Release Date: 2014-10-28 Last Updated: 2014-10-28

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, man-in-the-middle (MitM) attack

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL.

This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.

References:

CVE-2014-3566 Man-in-th-Middle (MitM) attack CVE-2014-3567 Remote Unauthorized Access CVE-2014-3568 Remote Denial of Service (DoS) SSRT101767

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following ftp site.

ftp://ssl098zc:Secure12@ftp.usa.hp.com

User name: ssl098zc Password: (NOTE: Case sensitive) Secure12

HP-UX Release HP-UX OpenSSL version

B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot

B.11.23 (11i v2) A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08zc or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.001 or subsequent

HP-UX B.11.23

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.002 or subsequent

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.003 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 28 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . Please refer to the RESOLUTION section below for a list of impacted products.

Note: mitigation instructions are included below if the following software updates cannot be applied.

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted CVE

12900 Switch Series R1005P15 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

12500 R1828P06 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3568

12500 (Comware v7) R7328P04 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

11900 Switch Series R2111P06 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

CVE-2014-3566 CVE-2014-3568

10500 Switch Series (Comware v7) R2111P06 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

9500E R1828P06 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

CVE-2014-3566 CVE-2014-3568

7900 R2122 JG682A HP FlexFabric 7904 Switch Chassis JH001A HP FF 7910 2.4Tbps Fabric / MPU JG842A HP FF 7910 7.2Tbps Fabric / MPU JG841A HP FF 7910 Switch Chassis

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

CVE-2014-3566 CVE-2014-3568

HSR6800 R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6800 Russian Version R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6602 R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

HSR6602 Russian Version R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

6602 R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

6602 Russian Version R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

A6600 R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

A6600 Russian Version R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP Russian Version R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG778A HP 6600 MCP-X2 Router TAA MPU

H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

5920 Switch Series R2311P05 JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5900 Switch Series R2311P05 JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5830 Switch Series R1118P11 JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

CVE-2014-3566 CVE-2014-3568

5820 Switch Series R1809P03 JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

CVE-2014-3566 CVE-2014-3568

5800 Switch Series R1809P03 JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

CVE-2014-3566 CVE-2014-3568

5700 R2311P05 JG894A HP FF 5700-48G-4XG-2QSFP+ Switch JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch JG896A HP FF 5700-40XG-2QSFP+ Switch JG897A HP FF 5700-40XG-2QSFP+ TAA Switch JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

CVE-2014-3566 CVE-2014-3568

5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

CVE-2014-3566 CVE-2014-3568

5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

CVE-2014-3566 CVE-2014-3568

5130 EI switch Series R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch JG933A HP 5130-24G-SFP-4SFP+ EI Switch JG934A HP 5130-48G-4SFP+ EI Switch JG936A HP 5130-24G-PoE+-4SFP+ EI Swch JG937A HP 5130-48G-PoE+-4SFP+ EI Swch JG975A HP 5130-24G-4SFP+ EI BR Switch JG976A HP 5130-48G-4SFP+ EI BR Switch JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

CVE-2014-3566 CVE-2014-3568

5120 SI switch Series R1513P95 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

CVE-2014-3566 CVE-2014-3568

4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) CVE-2014-3566 CVE-2014-3568

4510G Switch Series R2221P08 JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91) CVE-2014-3566 CVE-2014-3568

4210G Switch Series R2221P08 JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) CVE-2014-3566 CVE-2014-3568

3610 Switch Series R5319P10 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

CVE-2014-3566 CVE-2014-3568

3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch

CVE-2014-3566 CVE-2014-3568

1920 R1105 JG920A HP 1920-8G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG922A HP 1920-8G-PoE+ (180W) Switch JG923A HP 1920-16G Switch JG924A HP 1920-24G Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG927A HP 1920-48G Switch

CVE-2014-3566 CVE-2014-3568

1910 R11XX R1107 JG536A HP 1910-8 Switch JG537A HP 1910-8 -PoE+ Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG540A HP 1910-48 Switch

CVE-2014-3566 CVE-2014-3568

1910 R15XX R1513P95 JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch

CVE-2014-3566 CVE-2014-3568

1620 R1104 JG912A HP 1620-8G Switch JG913A HP 1620-24G Switch JG914A HP 1620-48G Switch

CVE-2014-3566 CVE-2014-3568

MSR20-1X R2513P33 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

CVE-2014-3566 CVE-2014-3568

MSR30 R2513P33 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

CVE-2014-3566 CVE-2014-3568

MSR30-16 R2513P33 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

CVE-2014-3566 CVE-2014-3568

MSR30-1X R2513P33 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

CVE-2014-3566 CVE-2014-3568

MSR50 R2513P33 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

CVE-2014-3566 CVE-2014-3568

MSR50-G2 R2513P33 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR20 Russian version MSR201X_5.20.R2513L40.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

CVE-2014-3566 CVE-2014-3568

MSR20-1X Russian version MSR201X_5.20.R2513L40.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

CVE-2014-3566 CVE-2014-3568

MSR30 Russian version MSR201X_5.20.R2513L40.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

CVE-2014-3566 CVE-2014-3568

MSR30-16 Russian version MSR201X_5.20.R2513L40.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

CVE-2014-3566 CVE-2014-3568

MSR30-1X Russian version MSR201X_5.20.R2513L40.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

CVE-2014-3566 CVE-2014-3568

MSR50 Russian version MSR201X_5.20.R2513L40.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

CVE-2014-3566 CVE-2014-3568

MSR50 G2 Russian version MSR201X_5.20.R2513L40.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR9XX R2513P33 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

CVE-2014-3566 CVE-2014-3568

MSR93X R2513P33 JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

CVE-2014-3566 CVE-2014-3568

MSR1000 R2513P33 JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR1000 Russian version R2513L40.RU JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR2000 R0106P18 JG411A HP MSR2003 AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR3000 R0106P18 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR4000 R0106P18 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

F5000 F3210P22 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

CVE-2014-3566 CVE-2014-3568

F5000-C R3811P03 JG650A HP F5000-C VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F5000-S R3811P03 JG370A HP F5000-S VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

U200S and CS F5123P30 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

CVE-2014-3566 CVE-2014-3568

U200A and M F5123P30 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

CVE-2014-3566 CVE-2014-3568

SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod

CVE-2014-3566 CVE-2014-3568

SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

CVE-2014-3566 CVE-2014-3568

F1000-E R3181P05 JD272A HP F1000-E VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

SecBlade SSL VPN Fix in Progress Use Mitigation JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic

CVE-2014-3566 CVE-2014-3568

VSR1000 R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

WX5002/5004 R2507P34 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

CVE-2014-3566 CVE-2014-3568

HP 850/870 R2607P34 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc

CVE-2014-3566 CVE-2014-3568

HP 830 R3507P34 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

CVE-2014-3566 CVE-2014-3568

HP 6000 R2507P34 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

CVE-2014-3566 CVE-2014-3568

VCX Fix in Progress Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr JC517A HP VCX V7205 Platform w/DL 360 G6 Server JE355A HP VCX V6000 Branch Platform 9.0 JC516A HP VCX V7005 Platform w/DL 120 G6 Server JC518A HP VCX Connect 200 Primry 120 G6 Server J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr JE341A HP VCX Connect 100 Secondary JE252A HP VCX Connect Primary MIM Module JE253A HP VCX Connect Secondary MIM Module JE254A HP VCX Branch MIM Module JE355A HP VCX V6000 Branch Platform 9.0 JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod JD023A HP MSR30-40 Router with VCX MIM Module JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS JE340A HP VCX Connect 100 Pri Server 9.0 JE342A HP VCX Connect 100 Sec Server 9.0

CVE-2014-3566 CVE-2014-3568

iMC PLAT iMC PLAT v7.1 E0303P06 JD125A HP IMC Std S/W Platform w/100-node JD126A HP IMC Ent S/W Platform w/100-node JD808A HP IMC Ent Platform w/100-node License JD815A HP IMC Std Platform w/100-node License JF377A HP IMC Std S/W Platform w/100-node Lic JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU JF378A HP IMC Ent S/W Platform w/200-node Lic JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect VAE E-LTU JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU

CVE-2014-3566

iMC UAM iMC UAM v7.1 E0302P07 JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

iMC WSM Fix in Progress Use Mitigation JD456A HP WSM Plug-in for IMC Includes 50 Aps JF414A HP IMC WSM S/W Module with 50-AP License JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

A Fixes in progress use mitigations J9565A HP 2615-8-PoE Switch J9562A HP 2915-8G-PoE Switch

E Fixes in progress use mitigations J4850A HP ProCurve Switch 5304xl J8166A HP ProCurve Switch 5304xl-32G J4819A HP ProCurve Switch 5308xl J8167A HP ProCurve Switch 5308xl-48G J4849A HP ProCurve Switch 5348xl J4849B HP ProCurve Switch 5348xl J4848A HP ProCurve Switch 5372xl J4848B HP ProCurve Switch 5372xl

F Fixes in progress use mitigations J4812A HP ProCurve 2512 Switch J4813A HP ProCurve 2524 Switch J4817A HP ProCurve 2312 Switch J4818A HP ProCurve 2324 Switch

H.07 Fixes in progress use mitigations J4902A HP ProCurve 6108 Switch

H.10 Fixes in progress use mitigations J8762A HP E2600-8-PoE Switch J4900A HP PROCURVE SWITCH 2626 J4900B HP ProCurve Switch 2626 J4900C ProCurve Switch 2626 J4899A HP ProCurve Switch 2650 J4899B HP ProCurve Switch 2650 J4899C ProCurve Switch 2650 J8164A ProCurve Switch 2626-PWR J8165A HP ProCurve Switch 2650-PWR

i.10 Fixes in progress use mitigations J4903A ProCurve Switch 2824 J4904A HP ProCurve Switch 2848

J Fixes in progress use mitigations J9299A HP 2520-24G-PoE Switch J9298A HP 2520-8G-PoE Switch

K Fixes in progress use mitigations J8692A HP 3500-24G-PoE yl Switch J8693A HP 3500-48G-PoE yl Switch J9310A HP 3500-24G-PoE+ yl Switch J9311A HP 3500-48G-PoE+ yl Switch J9470A HP 3500-24 Switch J9471A HP 3500-24-PoE Switch J9472A HP 3500-48 Switch J9473A HP 3500-48-PoE Switch J8697A HP E5406 zl Switch Chassis J8699A HP 5406-48G zl Switch J9447A HP 5406-44G-PoE+-4SFP zl Switch J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW J9642A HP 5406 zl Switch with Premium Software J9866A HP 5406 8p10GT 8p10GE Swch and Psw J8698A HP E5412 zl Switch Chassis J8700A HP 5412-96G zl Switch J9448A HP 5412-92G-PoE+-4SFP zl Switch J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW J9643A HP 5412 zl Switch with Premium Software J8992A HP 6200-24G-mGBIC yl Switch J9263A HP E6600-24G Switch J9264A HP 6600-24G-4XG Switch J9265A HP 6600-24XG Switch J9451A HP E6600-48G Switch J9452A HP 6600-48G-4XG Switch J9475A HP E8206 zl Switch Base System J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW J9640A HP 8206 zl Switch w/Premium Software J8715A ProCurve Switch 8212zl Base System J8715B HP E8212 zl Switch Base System J9091A ProCurve Switch 8212zl Chassis&Fan Tray J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW J9641A HP 8212 zl Switch with Premium SW

KA Fixes in progress use mitigations J9573A HP 3800-24G-PoE+-2SFP+ Switch J9574A HP 3800-48G-PoE+-4SFP+ Switch J9575A HP 3800-24G-2SFP+ Switch J9576A HP 3800-48G-4SFP+ Switch J9584A HP 3800-24SFP-2SFP+ Switch J9585A HP 3800-24G-2XG Switch J9586A HP 3800-48G-4XG Switch J9587A HP 3800-24G-PoE+-2XG Switch J9588A HP 3800-48G-PoE+-4XG Switch

KB Fixes in progress use mitigations J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch

L Fixes in progress use mitigations J8772B HP 4202-72 Vl Switch J8770A HP 4204 Vl Switch Chassis J9064A HP 4204-44G-4SFP Vl Switch J8773A HP 4208 Vl Switch Chassis J9030A HP 4208-68G-4SFP Vl Switch J8775B HP 4208-96 Vl Switch J8771A ProCurve Switch 4202VL-48G J8772A ProCurve Switch 4202VL-72 J8774A ProCurve Switch 4208VL-64G J8775A ProCurve Switch 4208VL-96

M.08 Fixes in progress use mitigations J8433A HP 6400-6XG cl Switch J8474A HP 6410-6XG cl Switch

M.10 Fixes in progress use mitigations J4906A HP E3400-48G cl Switch J4905A HP ProCurve Switch 3400cl-24G

N Fixes in progress use mitigations J9021A HP 2810-24G Switch J9022A HP 2810-48G Switch

PA Fixes in progress use mitigations J9029A ProCurve Switch 1800-8G

PB Fixes in progress use mitigations J9028A ProCurve Switch 1800-24G J9028B ProCurve Switch 1800-24G

Q Fixes in progress use mitigations J9019B HP 2510-24 Switch J9019A ProCurve Switch 2510-24

R Fixes in progress use mitigations J9085A HP 2610-24 Switch J9087A HP 2610-24-PoE Switch J9086A HP 2610-24-PPoE Switch J9088A HP 2610-48 Switch J9089A HP 2610-48-PoE Switch

RA Fixes in progress use mitigations J9623A HP 2620-24 Switch J9624A HP 2620-24-PPoE+ Switch J9625A HP 2620-24-PoE+ Switch J9626A HP 2620-48 Switch J9627A HP 2620-48-PoE+ Switch

S Fixes in progress use mitigations J9138A HP 2520-24-PoE Switch J9137A HP 2520-8-PoE Switch

T Fixes in progress use mitigations J9049A ProCurve Switch 2900- 24G J9050A ProCurve Switch 2900 48G

U Fixes in progress use mitigations J9020A HP 2510-48 Switch

VA Fixes in progress use mitigations J9079A HP 1700-8 Switch

VB Fixes in progress use mitigations J9080A HP 1700-24 Switch

W Fixes in progress use mitigations J9145A HP 2910-24G al Switch J9146A HP 2910-24G-PoE+ al Switch J9147A HP 2910-48G al Switch J9148A HP 2910-48G-PoE+ al Switch

WB Fixes in progress use mitigations J9726A HP 2920-24G Switch J9727A HP 2920-24G-POE+ Switch J9728A HP 2920-48G Switch J9729A HP 2920-48G-POE+ Switch J9836A HP 2920-48G-POE+ 740W Switch

Y Fixes in progress use mitigations J9279A HP 2510-24G Switch J9280A HP 2510-48G Switch

YA Fixes in progress use mitigations J9772A HP 2530-48G-PoE+ Switch J9773A HP 2530-24G-PoE+ Switch J9774A HP 2530-8G-PoE+ Switch J9775A HP 2530-48G Switch J9776A HP 2530-24G Switch J9777A HP 2530-8G Switch J9778A HP 2530-48-PoE+ Switch J9781A HP 2530-48 Switch J9853A HP 2530-48G-PoE+-2SFP+ Switch J9854A HP 2530-24G-PoE+-2SFP+ Switch J9855A HP 2530-48G-2SFP+ Switch J9856A HP 2530-24G-2SFP+ Switch

YB Fixes in progress use mitigations J9779A HP 2530-24-PoE+ Switch J9780A HP 2530-8-PoE+ Switch J9782A HP 2530-24 Switch J9783A HP 2530-8 Switch

MSM 6.5 6.5.1.0 J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9370A HP MSM765 Zl Premium Mobility Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9840A HP MSM775 zl Premium Controller Module J9845A HP 560 Wireless 802.11ac (AM) AP J9846A HP 560 Wireless 802.11ac (WW) AP J9847A HP 560 Wireless 802.11ac (JP) AP J9848A HP 560 Wireless 802.11ac (IL) AP J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)

MSM 6.4 6.4.2.1 J9840A HP MSM775 zl Premium Controller Module J9370A HP MSM765 Zl Premium Mobility Controller J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL)

MSM 6.3 6.3.1.0 J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP)

MSM 6.2 6.2.1.2 J9370A HP MSM765 Zl Premium Mobility Controller J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9840A HP MSM775 zl Premium Controller Module J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr

M220 Fixes in progress use mitigations J9798A HP M220 802.11n (AM) Access Point J9799A HP M220 802.11n (WW) Access Point

M210 Fixes in progress use mitigations JL023A HP M210 802.11n (AM) Access Point JL024A HP M210 802.11n (WW) Access Point

PS110 Fixes in progress use mitigations JL065A HP PS110 Wireless 802.11n VPN AM Router JL066A HP PS110 Wireless 802.11n VPN WW Router

HP Office Connect 1810 PK Fixes in progress use mitigations J9660A HP 1810-48G Switch

HP Office Connect 1810 P Fixes in progress use mitigations J9450A HP 1810-24G Switch J9449A HP 1810-8G Switch

HP Office Connect 1810 PL Fixes in progress use mitigations J9802A HP 1810-8G v2 Switch J9803A HP 1810-24G v2 Switch

RF Manager Fixes in progress use mitigations J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with 50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU

HP Office Connect 1810 PM Fixes in progress use mitigations J9800A HP 1810-8 v2 Switch J9801A HP 1810-24 v2 Switch

HP Office Connect PS1810 Fixes in progress use mitigations J9833A HP PS1810-8G Switch J9834A HP PS1810-24G Switch

Mitigation Instructions

For SSLv3 Server Functionality on Impacted Products:

Disable SSLv3 on clients and/or disable CBC ciphers on clients Use Access Control functionality to control client access

For SSLv3 Client Functionality on Impacted Products:

Go to SSL server and disable SSLv3 and/or disable CBC ciphers Use Access Control functionality to control access to servers

HISTORY Version:1 (rev.1) - 2 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID

NOTE: Please read the readme.txt file before proceeding with the installation. HP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier.

Go to http://www.hp.com/go/oa

Select "Onboard Administrator Firmware" Select product name as ""HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" Select the operating system from the list of choices Select Firmware version 4.40 for download Refer to the HP BladeSystem Onboard Administrator User Guide for steps to update the Onboard Administrator firmware. ============================================================================ Ubuntu Security Notice USN-2385-1 October 16, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.7

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.20

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.22

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system chassis management module",
        "scope": null,
        "trust": 3.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ibm",
        "version": "1.50.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "flex system chassis management module 1.1.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.50.0",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.50.0"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "flex system chassis management module 1.40.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet23g-2.06",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system chassis management module 1.20.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21c-2.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "flex system chassis management module 1.40.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "netcool/system service monitor fp1 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0-"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "policycenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connect:enterprise command line client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.20.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24d-2.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "ssl visibility 3.8.2f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.16.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.6"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21e-2.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "flex system chassis management module 1.40.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24b-2.07",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.11"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aspera connect server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system chassis management module 1.20.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "packetshaper",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.7"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "imc uam e0302p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.1"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet13a-2.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flex system chassis management module 1.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system chassis management module 2.5.3t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system chassis management module 1.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "imc wsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet17a-2.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24j-2.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24g-2.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "reporter\u0027s iso",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aspera point to point",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zb",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2014-3567",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3567",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3567",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-636",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3567",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected. \n\nThis issue was reported to OpenSSL on 26th September 2014, based on an original\nissue and patch developed by the LibreSSL project. Further analysis of the issue\nwas performed by the OpenSSL team. \n\nThe fix was developed by the OpenSSL team. \n\nThis issue was reported to OpenSSL on 8th October 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nSSL 3.0 Fallback protection\n===========================\n\nSeverity: Medium\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566). \n\nhttps://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSupport for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller. \n\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n==================================================\n\nSeverity: Low\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. \n\nThis issue was reported to OpenSSL by Akamai Technologies on 14th October 2014. \n\nThe fix was developed by Akamai and the OpenSSL team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20141015.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:1692-01\nProduct:           Red Hat Storage\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1692.html\nIssue date:        2014-10-22\nCVE Names:         CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Storage 2.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3513\nhttps://access.redhat.com/security/cve/CVE-2014-3567\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp\nRpfQCptdJIpd6WXO7pw1vVo=\n=T20t\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This flaw allows a man-in-the-middle (MITM)\n    attacker to decrypt a selected byte of a cipher text in as few as 256\n    tries if they are able to force a victim application to repeatedly send\n    the same data over newly created SSL 3.0 connections. \n\n    This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker may be able to bypass access restrictions\nDescription:  An API issue existed in the apache configuration. This\nissue was addressed by updating header files to use the latest\nversion. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite 10.10 or later\nImpact:  An attacker may be able to access restricted parts of the\nfilesystem\nDescription:  A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilties in OpenSSL\nDescription:  Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription:  Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Build notifications may be sent to unintended recipients\nDescription:  An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription:  Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nRelease Date: 2014-10-28\nLast Updated: 2014-10-28\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, man-in-the-middle (MitM) attack\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. \n\nThis is the SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely to\nallow disclosure of information. \n\nReferences:\n\nCVE-2014-3566 Man-in-th-Middle (MitM) attack\nCVE-2014-3567 Remote Unauthorized Access\nCVE-2014-3568 Remote Denial of Service (DoS)\nSSRT101767\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following ftp site. \n\nftp://ssl098zc:Secure12@ftp.usa.hp.com\n\nUser name: ssl098zc Password: (NOTE: Case sensitive) Secure12\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zc or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 28 October 2014 Initial release\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNote: mitigation instructions are included below if the following software\nupdates cannot be applied. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n CVE\n\n12900 Switch Series\n R1005P15\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n12500\n R1828P06\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3568\n\n12500 (Comware v7)\n R7328P04\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n11900 Switch Series\n R2111P06\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3568\n\n10500 Switch Series (Comware v7)\n R2111P06\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n9500E\n R1828P06\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n CVE-2014-3566\nCVE-2014-3568\n\n7900\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis\nJH001A HP FF 7910 2.4Tbps Fabric / MPU\nJG842A HP FF 7910 7.2Tbps Fabric / MPU\nJG841A HP FF 7910 Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800 Russian Version\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602 Russian Version\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602 Russian Version\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600 Russian Version\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP Russian Version\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG778A HP 6600 MCP-X2 Router TAA MPU\n\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5920 Switch Series\n R2311P05\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5900 Switch Series\n R2311P05\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5830 Switch Series\n R1118P11\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n5820 Switch Series\n R1809P03\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5800 Switch Series\n R1809P03\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5700\n R2311P05\n JG894A HP FF 5700-48G-4XG-2QSFP+ Switch\nJG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch\nJG896A HP FF 5700-40XG-2QSFP+ Switch\nJG897A HP FF 5700-40XG-2QSFP+ TAA Switch\nJG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch\nJG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5130 EI switch Series\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch\nJG933A HP 5130-24G-SFP-4SFP+ EI Switch\nJG934A HP 5130-48G-4SFP+ EI Switch\nJG936A HP 5130-24G-PoE+-4SFP+ EI Swch\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch\nJG975A HP 5130-24G-4SFP+ EI BR Switch\nJG976A HP 5130-48G-4SFP+ EI BR Switch\nJG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch\nJG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5120 SI switch Series\n R1513P95\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n CVE-2014-3566\nCVE-2014-3568\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n3610 Switch Series\n R5319P10\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n CVE-2014-3566\nCVE-2014-3568\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1920\n R1105\n JG920A HP 1920-8G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\nJG923A HP 1920-16G Switch\nJG924A HP 1920-24G Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG927A HP 1920-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R11XX\n R1107\n JG536A HP 1910-8 Switch\nJG537A HP 1910-8 -PoE+ Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG540A HP 1910-48 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R15XX\n R1513P95\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1620\n R1104\n JG912A HP 1620-8G Switch\nJG913A HP 1620-24G Switch\nJG914A HP 1620-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X\n R2513P33\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30\n R2513P33\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16\n R2513P33\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X\n R2513P33\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50\n R2513P33\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50-G2\n R2513P33\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20 Russian version\n MSR201X_5.20.R2513L40.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30 Russian version\n MSR201X_5.20.R2513L40.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16 Russian version\n MSR201X_5.20.R2513L40.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 Russian version\n MSR201X_5.20.R2513L40.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 G2 Russian version\n MSR201X_5.20.R2513L40.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR9XX\n R2513P33\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR93X\n R2513P33\n JG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000\n R2513P33\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000 Russian version\n R2513L40.RU\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR2000\n R0106P18\n JG411A HP MSR2003 AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR3000\n R0106P18\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR4000\n R0106P18\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nF5000\n F3210P22\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200S and CS\n F5123P30\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200A and M\n F5123P30\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade SSL VPN\n Fix in Progress\nUse Mitigation\n JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic\n\n CVE-2014-3566\nCVE-2014-3568\n\nVSR1000\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nWX5002/5004\n R2507P34\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 850/870\n R2607P34\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 830\n R3507P34\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 6000\n R2507P34\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nVCX\n Fix in Progress\nUse Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\nJ9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\nJC517A HP VCX V7205 Platform w/DL 360 G6 Server\nJE355A HP VCX V6000 Branch Platform 9.0\nJC516A HP VCX V7005 Platform w/DL 120 G6 Server\nJC518A HP VCX Connect 200 Primry 120 G6 Server\nJ9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\nJE341A HP VCX Connect 100 Secondary\nJE252A HP VCX Connect Primary MIM Module\nJE253A HP VCX Connect Secondary MIM Module\nJE254A HP VCX Branch MIM Module\nJE355A HP VCX V6000 Branch Platform 9.0\nJD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\nJD023A HP MSR30-40 Router with VCX MIM Module\nJD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\nJD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\nJD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\nJD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\nJD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\nJE340A HP VCX Connect 100 Pri Server 9.0\nJE342A HP VCX Connect 100 Sec Server 9.0\n\n CVE-2014-3566\nCVE-2014-3568\n\niMC PLAT\n iMC PLAT v7.1 E0303P06\n JD125A HP IMC Std S/W Platform w/100-node\nJD126A HP IMC Ent S/W Platform w/100-node\nJD808A HP IMC Ent Platform w/100-node License\nJD815A HP IMC Std Platform w/100-node License\nJF377A HP IMC Std S/W Platform w/100-node Lic\nJF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\nJF378A HP IMC Ent S/W Platform w/200-node Lic\nJF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect VAE E-LTU\nJG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\nJG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\nJG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\nJG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\nJG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\n CVE-2014-3566\n\niMC UAM\n iMC UAM v7.1 E0302P07\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\niMC WSM\n Fix in Progress\nUse Mitigation\n JD456A HP WSM Plug-in for IMC\nIncludes 50 Aps\nJF414A HP IMC WSM S/W Module with 50-AP License\nJF414AAE HP IMC WSM S/W Module with 50-AP E-LTU\nJG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU\nJG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\nA\n Fixes in progress\nuse mitigations\n J9565A HP 2615-8-PoE Switch\nJ9562A HP 2915-8G-PoE Switch\n\nE\n Fixes in progress\nuse mitigations\n J4850A HP ProCurve Switch 5304xl\nJ8166A HP ProCurve Switch 5304xl-32G\nJ4819A HP ProCurve Switch 5308xl\nJ8167A HP ProCurve Switch 5308xl-48G\nJ4849A HP ProCurve Switch 5348xl\nJ4849B HP ProCurve Switch 5348xl\nJ4848A HP ProCurve Switch 5372xl\nJ4848B HP ProCurve Switch 5372xl\n\nF\n Fixes in progress\nuse mitigations\n J4812A HP ProCurve 2512 Switch\nJ4813A HP ProCurve 2524 Switch\nJ4817A HP ProCurve 2312 Switch\nJ4818A HP ProCurve 2324 Switch\n\nH.07\n Fixes in progress\nuse mitigations\n J4902A HP ProCurve 6108 Switch\n\nH.10\n Fixes in progress\nuse mitigations\n J8762A HP E2600-8-PoE Switch\nJ4900A HP PROCURVE SWITCH 2626\nJ4900B HP ProCurve Switch 2626\nJ4900C ProCurve Switch 2626\nJ4899A HP ProCurve Switch 2650\nJ4899B HP ProCurve Switch 2650\nJ4899C ProCurve Switch 2650\nJ8164A ProCurve Switch 2626-PWR\nJ8165A HP ProCurve Switch 2650-PWR\n\ni.10\n Fixes in progress\nuse mitigations\n J4903A ProCurve Switch 2824\nJ4904A HP ProCurve Switch 2848\n\nJ\n Fixes in progress\nuse mitigations\n J9299A HP 2520-24G-PoE Switch\nJ9298A HP 2520-8G-PoE Switch\n\nK\n Fixes in progress\nuse mitigations\n J8692A HP 3500-24G-PoE yl Switch\nJ8693A HP 3500-48G-PoE yl Switch\nJ9310A HP 3500-24G-PoE+ yl Switch\nJ9311A HP 3500-48G-PoE+ yl Switch\nJ9470A HP 3500-24 Switch\nJ9471A HP 3500-24-PoE Switch\nJ9472A HP 3500-48 Switch\nJ9473A HP 3500-48-PoE Switch\nJ8697A HP E5406 zl Switch Chassis\nJ8699A HP 5406-48G zl Switch\nJ9447A HP 5406-44G-PoE+-4SFP zl Switch\nJ9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW\nJ9642A HP 5406 zl Switch with Premium Software\nJ9866A HP 5406 8p10GT 8p10GE Swch and Psw\nJ8698A HP E5412 zl Switch Chassis\nJ8700A HP 5412-96G zl Switch\nJ9448A HP 5412-92G-PoE+-4SFP zl Switch\nJ9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW\nJ9643A HP 5412 zl Switch with Premium Software\nJ8992A HP 6200-24G-mGBIC yl Switch\nJ9263A HP E6600-24G Switch\nJ9264A HP 6600-24G-4XG Switch\nJ9265A HP 6600-24XG Switch\nJ9451A HP E6600-48G Switch\nJ9452A HP 6600-48G-4XG Switch\nJ9475A HP E8206 zl Switch Base System\nJ9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9640A HP 8206 zl Switch w/Premium Software\nJ8715A ProCurve Switch 8212zl Base System\nJ8715B HP E8212 zl Switch Base System\nJ9091A ProCurve Switch 8212zl Chassis\u0026Fan Tray\nJ9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9641A HP 8212 zl Switch with Premium SW\n\nKA\n Fixes in progress\nuse mitigations\n J9573A HP 3800-24G-PoE+-2SFP+ Switch\nJ9574A HP 3800-48G-PoE+-4SFP+ Switch\nJ9575A HP 3800-24G-2SFP+ Switch\nJ9576A HP 3800-48G-4SFP+ Switch\nJ9584A HP 3800-24SFP-2SFP+ Switch\nJ9585A HP 3800-24G-2XG Switch\nJ9586A HP 3800-48G-4XG Switch\nJ9587A HP 3800-24G-PoE+-2XG Switch\nJ9588A HP 3800-48G-PoE+-4XG Switch\n\nKB\n Fixes in progress\nuse mitigations\n J9821A HP 5406R zl2 Switch\nJ9822A HP 5412R zl2 Switch\nJ9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9850A HP 5406R zl2 Switch\nJ9851A HP 5412R zl2 Switch\nJ9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch\n\nL\n Fixes in progress\nuse mitigations\n J8772B HP 4202-72 Vl Switch\nJ8770A HP 4204 Vl Switch Chassis\nJ9064A HP 4204-44G-4SFP Vl Switch\nJ8773A HP 4208 Vl Switch Chassis\nJ9030A HP 4208-68G-4SFP Vl Switch\nJ8775B HP 4208-96 Vl Switch\nJ8771A ProCurve Switch 4202VL-48G\nJ8772A ProCurve Switch 4202VL-72\nJ8774A ProCurve Switch 4208VL-64G\nJ8775A ProCurve Switch 4208VL-96\n\nM.08\n Fixes in progress\nuse mitigations\n J8433A HP 6400-6XG cl Switch\nJ8474A HP 6410-6XG cl Switch\n\nM.10\n Fixes in progress\nuse mitigations\n J4906A HP E3400-48G cl Switch\nJ4905A HP ProCurve Switch 3400cl-24G\n\nN\n Fixes in progress\nuse mitigations\n J9021A HP 2810-24G Switch\nJ9022A HP 2810-48G Switch\n\nPA\n Fixes in progress\nuse mitigations\n J9029A ProCurve Switch 1800-8G\n\nPB\n Fixes in progress\nuse mitigations\n J9028A ProCurve Switch 1800-24G\nJ9028B ProCurve Switch 1800-24G\n\nQ\n Fixes in progress\nuse mitigations\n J9019B HP 2510-24 Switch\nJ9019A ProCurve Switch 2510-24\n\nR\n Fixes in progress\nuse mitigations\n J9085A HP 2610-24 Switch\nJ9087A HP 2610-24-PoE Switch\nJ9086A HP 2610-24-PPoE Switch\nJ9088A HP 2610-48 Switch\nJ9089A HP 2610-48-PoE Switch\n\nRA\n Fixes in progress\nuse mitigations\n J9623A HP 2620-24 Switch\nJ9624A HP 2620-24-PPoE+ Switch\nJ9625A HP 2620-24-PoE+ Switch\nJ9626A HP 2620-48 Switch\nJ9627A HP 2620-48-PoE+ Switch\n\nS\n Fixes in progress\nuse mitigations\n J9138A HP 2520-24-PoE Switch\nJ9137A HP 2520-8-PoE Switch\n\nT\n Fixes in progress\nuse mitigations\n J9049A ProCurve Switch 2900- 24G\nJ9050A ProCurve Switch 2900 48G\n\nU\n Fixes in progress\nuse mitigations\n J9020A HP 2510-48 Switch\n\nVA\n Fixes in progress\nuse mitigations\n J9079A HP 1700-8 Switch\n\nVB\n Fixes in progress\nuse mitigations\n J9080A HP 1700-24 Switch\n\nW\n Fixes in progress\nuse mitigations\n J9145A HP 2910-24G al Switch\nJ9146A HP 2910-24G-PoE+ al Switch\nJ9147A HP 2910-48G al Switch\nJ9148A HP 2910-48G-PoE+ al Switch\n\nWB\n Fixes in progress\nuse mitigations\n J9726A HP 2920-24G Switch\nJ9727A HP 2920-24G-POE+ Switch\nJ9728A HP 2920-48G Switch\nJ9729A HP 2920-48G-POE+ Switch\nJ9836A HP 2920-48G-POE+ 740W Switch\n\nY\n Fixes in progress\nuse mitigations\n J9279A HP 2510-24G Switch\nJ9280A HP 2510-48G Switch\n\nYA\n Fixes in progress\nuse mitigations\n J9772A HP 2530-48G-PoE+ Switch\nJ9773A HP 2530-24G-PoE+ Switch\nJ9774A HP 2530-8G-PoE+ Switch\nJ9775A HP 2530-48G Switch\nJ9776A HP 2530-24G Switch\nJ9777A HP 2530-8G Switch\nJ9778A HP 2530-48-PoE+ Switch\nJ9781A HP 2530-48 Switch\nJ9853A HP 2530-48G-PoE+-2SFP+ Switch\nJ9854A HP 2530-24G-PoE+-2SFP+ Switch\nJ9855A HP 2530-48G-2SFP+ Switch\nJ9856A HP 2530-24G-2SFP+ Switch\n\nYB\n Fixes in progress\nuse mitigations\n J9779A HP 2530-24-PoE+ Switch\nJ9780A HP 2530-8-PoE+ Switch\nJ9782A HP 2530-24 Switch\nJ9783A HP 2530-8 Switch\n\nMSM 6.5\n 6.5.1.0\n J9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9840A HP MSM775 zl Premium Controller Module\nJ9845A HP 560 Wireless 802.11ac (AM) AP\nJ9846A HP 560 Wireless 802.11ac (WW) AP\nJ9847A HP 560 Wireless 802.11ac (JP) AP\nJ9848A HP 560 Wireless 802.11ac (IL) AP\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\n\nMSM 6.4\n 6.4.2.1\n J9840A HP MSM775 zl Premium Controller Module\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\n\nMSM 6.3\n 6.3.1.0\n J9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\n\nMSM 6.2\n 6.2.1.2\n J9370A HP MSM765 Zl Premium Mobility Controller\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9840A HP MSM775 zl Premium Controller Module\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\n\nM220\n Fixes in progress\nuse mitigations\n J9798A HP M220 802.11n (AM) Access Point\nJ9799A HP M220 802.11n (WW) Access Point\n\nM210\n Fixes in progress\nuse mitigations\n JL023A HP M210 802.11n (AM) Access Point\nJL024A HP M210 802.11n (WW) Access Point\n\nPS110\n Fixes in progress\nuse mitigations\n JL065A HP PS110 Wireless 802.11n VPN AM Router\nJL066A HP PS110 Wireless 802.11n VPN WW Router\n\nHP Office Connect 1810 PK\n Fixes in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nHP Office Connect 1810 P\n Fixes in progress\nuse mitigations\n J9450A HP 1810-24G Switch\nJ9449A HP 1810-8G Switch\n\nHP Office Connect 1810 PL\n Fixes in progress\nuse mitigations\n J9802A HP 1810-8G v2 Switch\nJ9803A HP 1810-24G v2 Switch\n\nRF Manager\n Fixes in progress\nuse mitigations\n J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with\n50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU\n\nHP Office Connect 1810 PM\n Fixes in progress\nuse mitigations\n J9800A HP 1810-8 v2 Switch\nJ9801A HP 1810-24 v2 Switch\n\nHP Office Connect PS1810\n Fixes in progress\nuse mitigations\n J9833A HP PS1810-8G Switch\nJ9834A HP PS1810-24G Switch\n\nMitigation Instructions\n\nFor SSLv3 Server Functionality on Impacted Products:\n\nDisable SSLv3 on clients\nand/or disable CBC ciphers on clients\nUse Access Control functionality to control client access\n\nFor SSLv3 Client Functionality on Impacted Products:\n\nGo to SSL server and disable SSLv3\nand/or disable CBC ciphers\nUse Access Control functionality to control access to servers\n\nHISTORY\nVersion:1 (rev.1) - 2 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \nHP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier. \n\nGo to\nhttp://www.hp.com/go/oa\n\nSelect \"Onboard Administrator Firmware\"\nSelect product name as \"\"HP BLc3000 Onboard Administrator Option\" or \"HP\nBLc7000 Onboard Administrator Option\"\nSelect the operating system from the list of choices\nSelect Firmware version 4.40 for download\nRefer to the HP BladeSystem Onboard Administrator User Guide for steps to\nupdate the Onboard Administrator firmware. ============================================================================\nUbuntu Security Notice USN-2385-1\nOctober 16, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.20\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.22\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "70586",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "62124",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62030",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61130",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61837",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61298",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031052",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131306",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128838",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128708",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128921",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169664",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "id": "VAR-201410-1144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3025641
  },
  "last_update_date": "2024-07-23T21:24:46.357000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0o",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52068"
      },
      {
        "title": "openssl-0.9.8zc",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52067"
      },
      {
        "title": "openssl-1.0.1j",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52069"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      },
      {
        "title": "Red Hat: Critical: rhev-hypervisor6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150126 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3567",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3567"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2385-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=555e6256ba536e4a20d40e659e367839"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.1.5 addresses two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=dfed8c47fbdf5e7bb5fbbdd725bdfb67"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "rhsecapi",
        "trust": 0.1,
        "url": "https://github.com/redhatofficial/rhsecapi "
      },
      {
        "title": "cve-pylib",
        "trust": 0.1,
        "url": "https://github.com/redhatproductsecurity/cve-pylib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "http://www.splunk.com/view/sp-caaanst"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/70586"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2385-1"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61130"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031052"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62030"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61837"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62124"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/ht204244"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61298"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.8,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.4,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21687676"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa87"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690537"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959161"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/158"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/156"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/157"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/159"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/35"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687801"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689101"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098251"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097159"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097911"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2015-0001.html "
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2385-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/oa"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.22"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1232123"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2015-04-06T19:11:05",
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2014-10-24T20:07:16",
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "date": "2015-04-03T15:45:16",
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "date": "2015-03-25T00:42:25",
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "date": "2015-05-29T23:37:43",
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2014-10-17T00:03:35",
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "date": "2014-10-31T23:08:29",
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-09-19T15:31:48",
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "date": "2015-05-29T23:37:04",
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "date": "2014-10-17T14:50:20",
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "date": "2014-10-22T18:52:41",
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "date": "2014-10-15T12:12:12",
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "date": "2014-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "date": "2014-10-19T01:55:13.933000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "date": "2023-11-07T02:20:13.200000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Memory leak denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.6
  }
}

var-200609-0914
Vulnerability from variot

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

~ VMware Security Advisory

Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340

  1. Summary:

~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

  1. Relevant releases:

~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

  1. Problem description:

~ a. Host to guest shared folder (HGFS) traversal vulnerability

~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ b. Insecure named pipes

~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ d. Updated OpenSSL library to address various security vulnerabilities

~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion is not affected by this issue.

~ e. VIX API default setting changed to a more secure default value

~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

~ g. DHCP denial of service vulnerability

~ A potential denial of service issue affects DHCP service running ~ on the host.

~ VMware would like to thank Martin O'Neal for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

~ VMware would like to thank Sun Bing for reporting the issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

  1. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

  1. References:

~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

  1. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .

References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540 Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17 Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23

hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation

To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache

Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache

Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation

The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND

RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline

Gentoo Linux Security Advisory GLSA 200610-11

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11

Synopsis

OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

References

[ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. (CVE-2006-4343)

Updated packages are patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Updated Packages:

Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

  1. Certain types of public key can take disproportionate amounts of time to process.

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

Acknowledgements

The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

SSLv2 Client Crash (CVE-2006-4343)

Vulnerability

A flaw in the SSLv2 client code was discovered.

Recommendations

These vulnerabilities are resolved in the following versions of OpenSSL:

  • in the 0.9.7 branch, version 0.9.7l (or later);
  • in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.8d.tar.gz
  MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
  SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

o openssl-0.9.7l.tar.gz
  MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
  SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0914",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.30"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "wide area file services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/32"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "call manager sr2c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1.79"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.5"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.16"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "computing snapgear sg565",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.2"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.3"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "hardware management console for pseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "bind a5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "hardware management console for iseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76650"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/3"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "project openssl b-36.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.00"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "s8700 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8300 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "3.0"
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.11"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.2"
      },
      {
        "model": "hardware management console for iseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.680404"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "s8710 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "server c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "karagulle cwrsync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.9"
      },
      {
        "model": "grid engine update5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "hardware management console for pseries r5.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.380004"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.7"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.334685"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "grid engine update7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "hardware management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.5"
      },
      {
        "model": "server 0.9.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.4.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "call manager es32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "call manager 4.1 sr4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "karagulle cwrsync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tevfik",
        "version": "2.0.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1-1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.9"
      },
      {
        "model": "server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "propack sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "bind a4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "computing snapgear sg560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "hardware management console for pseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.2"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.6.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3"
      },
      {
        "model": "server 0.8.6a",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "hardware management console for pseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "3.0/31"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "firewalll",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.60"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "hardware management console for iseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.680404"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "bind a1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind rc3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "call manager sr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.2.0.1"
      },
      {
        "model": "call manager sr2b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.0.201"
      },
      {
        "model": "hardware management console for iseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "call manager es07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "hardware management console for pseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.8"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "operating system enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.7"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "232"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "76550"
      },
      {
        "model": "wireless control system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "hardware management console for iseries r2.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.2"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.3"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.5.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.17"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.3"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.5"
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "bind rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "hardware management console for pseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.4"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "amc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/6"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0.1"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.61"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.1.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.1"
      },
      {
        "model": "access registrar",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.7.1"
      },
      {
        "model": "hardware management console for iseries r3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "server 0.9.4d",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "grid engine update7 1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.4"
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "bind a2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "call manager es40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.19"
      },
      {
        "model": "call manager es50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "amc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0/5"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.4"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.04"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ids",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "security agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.659"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.4"
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "reflection for secure it sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.22"
      },
      {
        "model": "bind a3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "hardware management console for iseries r3.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "reflection for secure it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "grid engine update1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "css11500 content services switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44900"
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.2"
      },
      {
        "model": "call manager es56",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.0"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0x86"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.11"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "bind -p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "ipcop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.12"
      },
      {
        "model": "hardware management console for iseries r1.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3)4.2"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "1.4.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "predictive dialer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.3.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.0"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "works common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "bind b3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "grid engine update2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.193"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "filezilla",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.15"
      },
      {
        "model": "hardware management console for iseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.2"
      },
      {
        "model": "security mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "call manager sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "predictive dialing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.1"
      },
      {
        "model": "hardware management console for pseries r4.0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.5"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "ipcop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipcop",
        "version": "1.4.13"
      },
      {
        "model": "insight management agents for tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "call manager es33",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.5"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.0"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.8"
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.3"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "beta11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/2"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.6"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hardware management console for pseries r3.6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "openpkg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openpkg",
        "version": "2.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "filezilla",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "2.2.28"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/4"
      },
      {
        "model": "bind rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "bind b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.9"
      },
      {
        "model": "hardware management console for pseries r3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.4"
      },
      {
        "model": "computing snapgear sg710",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.3"
      },
      {
        "model": "call manager es62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.444386"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "fast360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/5"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.2"
      },
      {
        "model": "css11500 content services switch s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.10"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.2.1"
      },
      {
        "model": "groupware server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kolab",
        "version": "2.0.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "bind b1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "fast360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "4.0/1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "255"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "secure acs build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)23"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.2"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "openvms secure web server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "server b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.8"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.1.3"
      },
      {
        "model": "ace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "275"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.2.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "bind b2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "grid engine update3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "s8500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.639"
      },
      {
        "model": "workcentre pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "245"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.9"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.2"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.1.0.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.342958"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "s8500 cm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "hat red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4.2"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.0"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "hat enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "2.1"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.0.7"
      },
      {
        "model": "grid engine update4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "ons mspp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.3.30"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.3.728"
      },
      {
        "model": "call manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3(1)"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bind -p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3.2"
      },
      {
        "model": "grid engine update6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "ciscoworks common management foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.4"
      },
      {
        "model": "bind a6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "hardware management console for iseries r2.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.3"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "tru64 b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.4.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "call manager es55",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "css11500 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.5"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server 0.9.4e",
        "scope": null,
        "trust": 0.3,
        "vendor": "filezilla",
        "version": null
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.380004"
      },
      {
        "model": "tru64 b-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "security agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5.1.657"
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.400"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "265"
      },
      {
        "model": "call manager es24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "hardware management console for pseries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.3.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44910"
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2006.0"
      },
      {
        "model": "computing snapgear u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "secure",
        "version": "3.1.4"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ssl360",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "serv u",
        "version": "6.01"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "4.5.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.9.6"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "filezilla",
        "version": "0.8.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "download accelarator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "prozilla",
        "version": "1.3.2"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.3"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "computing snapgear sg580",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "9.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "openvms secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1-1"
      },
      {
        "model": "application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44920"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)4.2"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "238"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.5"
      },
      {
        "model": "server build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.580187"
      },
      {
        "model": "ons mstp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "ssl360",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arkoon",
        "version": "2.0/3"
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. S. N. Henson  of the OpenSSL core team and Open Network Security is credited  with the discovery of this vulnerability. He created the test suite that uncovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2937",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2937",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#247744",
            "trust": 0.8,
            "value": "0.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      }
    ],
    "trust": 4.68
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 3.4
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#247744",
        "trust": 2.1
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "23155",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23340",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22671",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23351",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22385",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23131",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22544",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "20248",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "22799",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "25889",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "26329",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22772",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22626",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31531",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22460",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23680",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23915",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "30124",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22298",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22487",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "22758",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "23038",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24950",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "31492",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "24930",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3936",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4019",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4264",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3860",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4750",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4036",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4417",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4980",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4329",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2315",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0343",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2396",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3820",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3869",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4401",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0905",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3902",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4327",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4761",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2783",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "29260",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "28276",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "64684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50548",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169663",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "id": "VAR-200609-0914",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.30152614
  },
  "last_update_date": "2024-06-17T03:17:25.544000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 2.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
      },
      {
        "trust": 1.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
      },
      {
        "trust": 1.3,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
      },
      {
        "trust": 1.3,
        "url": "http://www.kb.cert.org/vuls/id/247744"
      },
      {
        "trust": 1.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
      },
      {
        "trust": 1.0,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
      },
      {
        "trust": 1.0,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
      },
      {
        "trust": 1.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304829"
      },
      {
        "trust": 1.0,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
      },
      {
        "trust": 1.0,
        "url": "http://issues.rpath.com/browse/rpl-613"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
      },
      {
        "trust": 1.0,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
      },
      {
        "trust": 1.0,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://openbsd.org/errata.html#openssl2"
      },
      {
        "trust": 1.0,
        "url": "http://openvpn.net/changelog.html"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22094"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22116"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22130"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22165"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22166"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22172"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22186"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22193"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22207"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22212"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22216"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22220"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22240"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22259"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22260"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22284"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22298"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22330"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22385"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22487"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22544"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22626"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22671"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22758"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22772"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/22799"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23038"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23131"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23155"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23280"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23309"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23340"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23351"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23680"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/23915"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24930"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/24950"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/25889"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/26329"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/30124"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31492"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/31531"
      },
      {
        "trust": 1.0,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
      },
      {
        "trust": 1.0,
        "url": "http://securitytracker.com/id?1016943"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
      },
      {
        "trust": 1.0,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
      },
      {
        "trust": 1.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
      },
      {
        "trust": 1.0,
        "url": "http://support.attachmate.com/techdocs/2374.html"
      },
      {
        "trust": 1.0,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2006/dsa-1185"
      },
      {
        "trust": 1.0,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
      },
      {
        "trust": 1.0,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.osvdb.org/29260"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/20248"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/28276"
      },
      {
        "trust": 1.0,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.0,
        "url": "http://www.trustix.org/errata/2006/0054"
      },
      {
        "trust": 1.0,
        "url": "http://www.ubuntu.com/usn/usn-353-1"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3820"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3860"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3869"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3902"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3936"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4019"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4036"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4264"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4327"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4329"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4417"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4750"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4761"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/4980"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0343"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1401"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2315"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2783"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0905/references"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2396"
      },
      {
        "trust": 1.0,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
      },
      {
        "trust": 1.0,
        "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
      },
      {
        "trust": 0.9,
        "url": "http://www.openssl.org/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23131/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22544/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22385/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22671/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23155/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23340/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23351/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
      },
      {
        "trust": 0.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
      },
      {
        "trust": 0.3,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
      },
      {
        "trust": 0.3,
        "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-452.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cyberguard.info/snapgear/releases.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
      },
      {
        "trust": 0.3,
        "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
      },
      {
        "trust": 0.3,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "https://www.niscc.gov.uk)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ace/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/player/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/ws5.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/fusion/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/ws/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://pgp.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.openpkg.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
      },
      {
        "trust": 0.1,
        "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "20248"
      },
      {
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2008-03-19T02:18:56",
        "db": "PACKETSTORM",
        "id": "64684"
      },
      {
        "date": "2006-10-04T01:20:54",
        "db": "PACKETSTORM",
        "id": "50560"
      },
      {
        "date": "2007-01-27T02:35:42",
        "db": "PACKETSTORM",
        "id": "53990"
      },
      {
        "date": "2007-08-08T07:19:47",
        "db": "PACKETSTORM",
        "id": "58346"
      },
      {
        "date": "2006-10-25T21:37:36",
        "db": "PACKETSTORM",
        "id": "51324"
      },
      {
        "date": "2006-10-04T00:46:38",
        "db": "PACKETSTORM",
        "id": "50548"
      },
      {
        "date": "2006-09-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169663"
      },
      {
        "date": "2006-09-28T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#247744"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2015-03-19T08:40:00",
        "db": "BID",
        "id": "20248"
      },
      {
        "date": "2018-10-18T16:43:56.543000",
        "db": "NVD",
        "id": "CVE-2006-2937"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#247744"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "20248"
      }
    ],
    "trust": 0.3
  }
}